diff options
author | Hynek Schlawack <hs@ox.cx> | 2012-06-23 18:28:32 (GMT) |
---|---|---|
committer | Hynek Schlawack <hs@ox.cx> | 2012-06-23 18:28:32 (GMT) |
commit | 2100b42317ccbeed60fba90157b20ef4738f56f1 (patch) | |
tree | 0425868586b37998571b7bbcb131b4d4873929c6 /Doc/library/shutil.rst | |
parent | 1641cea02b036b0a43b68f85bafa5b7e5a4ab97b (diff) | |
download | cpython-2100b42317ccbeed60fba90157b20ef4738f56f1.zip cpython-2100b42317ccbeed60fba90157b20ef4738f56f1.tar.gz cpython-2100b42317ccbeed60fba90157b20ef4738f56f1.tar.bz2 |
#4489: Fix usage of fd-based functions to new api introduced earlier today
Also add an explicit test for safe implementation usage on supported platforms.
As a side effect, this commit adds a module-level attribute 'rmtree_is_safe'
which offers introspection whether the current rmtree implementation is safe
against symlink attacks.
Diffstat (limited to 'Doc/library/shutil.rst')
-rw-r--r-- | Doc/library/shutil.rst | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/Doc/library/shutil.rst b/Doc/library/shutil.rst index c3eb990..5521841 100644 --- a/Doc/library/shutil.rst +++ b/Doc/library/shutil.rst @@ -195,9 +195,9 @@ Directory and files operations The default :func:`rmtree` function is susceptible to a symlink attack: given proper timing and circumstances, attackers can use it to delete files they wouldn't be able to access otherwise. Thus -- on platforms - that support the necessary fd-based functions :func:`os.openat` and - :func:`os.unlinkat` -- a safe version of :func:`rmtree` is used, which - isn't vulnerable. + that support the necessary fd-based functions -- a safe version of + :func:`rmtree` is used, which isn't vulnerable. In this case + :data:`rmtree_is_safe` is set to True. If *onerror* is provided, it must be a callable that accepts three parameters: *function*, *path*, and *excinfo*. @@ -210,8 +210,15 @@ Directory and files operations .. versionchanged:: 3.3 Added a safe version that is used automatically if platform supports - the fd-based functions :func:`os.openat` and :func:`os.unlinkat`. + fd-based functions. +.. data:: rmtree_is_safe + + Indicates whether the current platform and implementation has a symlink + attack-proof version of :func:`rmtree`. Currently this is only true for + platforms supporting fd-based directory access functions. + + .. versionadded:: 3.3 .. function:: move(src, dst) |