diff options
| author | Steve Dower <steve.dower@python.org> | 2024-05-24 17:27:01 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-05-24 17:27:01 (GMT) |
| commit | 5130731c9e779b97d00a24f54cdce73ce9975dfd (patch) | |
| tree | 9e87cdf79ffcba46651eed0928c66b87b7056084 /Doc | |
| parent | b228655c227b2ca298a8ffac44d14ce3d22f6faa (diff) | |
| download | cpython-5130731c9e779b97d00a24f54cdce73ce9975dfd.zip cpython-5130731c9e779b97d00a24f54cdce73ce9975dfd.tar.gz cpython-5130731c9e779b97d00a24f54cdce73ce9975dfd.tar.bz2 | |
[3.9] gh-118486: Support mkdir(mode=0o700) on Windows (GH-118488) (GH-118741)
Co-authored-by: Ćukasz Langa <lukasz@langa.pl>
Diffstat (limited to 'Doc')
| -rw-r--r-- | Doc/library/os.rst | 7 | ||||
| -rw-r--r-- | Doc/whatsnew/3.9.rst | 15 |
2 files changed, 22 insertions, 0 deletions
diff --git a/Doc/library/os.rst b/Doc/library/os.rst index 35a7e1e..1d10ae7 100644 --- a/Doc/library/os.rst +++ b/Doc/library/os.rst @@ -1929,6 +1929,10 @@ features: platform-dependent. On some platforms, they are ignored and you should call :func:`chmod` explicitly to set them. + On Windows, a *mode* of ``0o700`` is specifically handled to apply access + control to the new directory such that only the current user and + administrators have access. Other values of *mode* are ignored. + This function can also support :ref:`paths relative to directory descriptors <dir_fd>`. @@ -1943,6 +1947,9 @@ features: .. versionchanged:: 3.6 Accepts a :term:`path-like object`. + .. versionchanged:: 3.9.20 + Windows now handles a *mode* of ``0o700``. + .. function:: makedirs(name, mode=0o777, exist_ok=False) diff --git a/Doc/whatsnew/3.9.rst b/Doc/whatsnew/3.9.rst index 1756a37..9383047 100644 --- a/Doc/whatsnew/3.9.rst +++ b/Doc/whatsnew/3.9.rst @@ -613,6 +613,13 @@ Added :func:`os.waitstatus_to_exitcode` function: convert a wait status to an exit code. (Contributed by Victor Stinner in :issue:`40094`.) +As of 3.9.20, :func:`os.mkdir` and :func:`os.makedirs` on Windows now support +passing a *mode* value of ``0o700`` to apply access control to the new +directory. This implicitly affects :func:`tempfile.mkdtemp` and is a +mitigation for CVE-2024-4030. Other values for *mode* continue to be +ignored. +(Contributed by Steve Dower in :gh:`118486`.) + pathlib ------- @@ -704,6 +711,14 @@ Previously, :attr:`sys.stderr` was block-buffered when non-interactive. Now ``stderr`` defaults to always being line-buffered. (Contributed by Jendrik Seipp in :issue:`13601`.) +tempfile +-------- + +As of 3.9.20 on Windows, the default mode ``0o700`` used by +:func:`tempfile.mkdtemp` now limits access to the new directory due to +changes to :func:`os.mkdir`. This is a mitigation for CVE-2024-4030. +(Contributed by Steve Dower in :gh:`118486`.) + tracemalloc ----------- |