summaryrefslogtreecommitdiffstats
path: root/Doc/library/shutil.rst
diff options
context:
space:
mode:
authorHynek Schlawack <hs@ox.cx>2012-06-23 18:28:32 (GMT)
committerHynek Schlawack <hs@ox.cx>2012-06-23 18:28:32 (GMT)
commit2100b42317ccbeed60fba90157b20ef4738f56f1 (patch)
tree0425868586b37998571b7bbcb131b4d4873929c6 /Doc/library/shutil.rst
parent1641cea02b036b0a43b68f85bafa5b7e5a4ab97b (diff)
downloadcpython-2100b42317ccbeed60fba90157b20ef4738f56f1.zip
cpython-2100b42317ccbeed60fba90157b20ef4738f56f1.tar.gz
cpython-2100b42317ccbeed60fba90157b20ef4738f56f1.tar.bz2
#4489: Fix usage of fd-based functions to new api introduced earlier today
Also add an explicit test for safe implementation usage on supported platforms. As a side effect, this commit adds a module-level attribute 'rmtree_is_safe' which offers introspection whether the current rmtree implementation is safe against symlink attacks.
Diffstat (limited to 'Doc/library/shutil.rst')
-rw-r--r--Doc/library/shutil.rst15
1 files changed, 11 insertions, 4 deletions
diff --git a/Doc/library/shutil.rst b/Doc/library/shutil.rst
index c3eb990..5521841 100644
--- a/Doc/library/shutil.rst
+++ b/Doc/library/shutil.rst
@@ -195,9 +195,9 @@ Directory and files operations
The default :func:`rmtree` function is susceptible to a symlink attack:
given proper timing and circumstances, attackers can use it to delete
files they wouldn't be able to access otherwise. Thus -- on platforms
- that support the necessary fd-based functions :func:`os.openat` and
- :func:`os.unlinkat` -- a safe version of :func:`rmtree` is used, which
- isn't vulnerable.
+ that support the necessary fd-based functions -- a safe version of
+ :func:`rmtree` is used, which isn't vulnerable. In this case
+ :data:`rmtree_is_safe` is set to True.
If *onerror* is provided, it must be a callable that accepts three
parameters: *function*, *path*, and *excinfo*.
@@ -210,8 +210,15 @@ Directory and files operations
.. versionchanged:: 3.3
Added a safe version that is used automatically if platform supports
- the fd-based functions :func:`os.openat` and :func:`os.unlinkat`.
+ fd-based functions.
+.. data:: rmtree_is_safe
+
+ Indicates whether the current platform and implementation has a symlink
+ attack-proof version of :func:`rmtree`. Currently this is only true for
+ platforms supporting fd-based directory access functions.
+
+ .. versionadded:: 3.3
.. function:: move(src, dst)