gh-118486: Support mkdir(mode=0o700) on Windows (GH-118488)

author: Steve Dower <steve.dower@python.org> 2024-05-09 18:18:56 (GMT)
committer: GitHub <noreply@github.com> 2024-05-09 18:18:56 (GMT)
commit: eb29e2f5905da93333d1ce78bc98b151e763ff46 (patch)
tree: b242b4e2071fdb7972aea26fc1206c448f176c24 /Misc
parent: c0d257cc69a943d2c211fe7ad54e706f1085ba1a (diff)
download: cpython-eb29e2f5905da93333d1ce78bc98b151e763ff46.zip
cpython-eb29e2f5905da93333d1ce78bc98b151e763ff46.tar.gz
cpython-eb29e2f5905da93333d1ce78bc98b151e763ff46.tar.bz2
1 files changed, 4 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Security/2024-05-01-20-57-09.gh-issue-118486.K44KJG.rst b/Misc/NEWS.d/next/Security/2024-05-01-20-57-09.gh-issue-118486.K44KJG.rst
new file mode 100644
index 0000000..8ac48aa
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2024-05-01-20-57-09.gh-issue-118486.K44KJG.rst
@@ -0,0 +1,4 @@
+:func:`os.mkdir` on Windows now accepts *mode* of ``0o700`` to restrict
+the new directory to the current user. This fixes :cve:`2024-4030`
+affecting :func:`tempfile.mkdtemp` in scenarios where the base temporary
+directory is more permissive than the default.
author	Steve Dower <steve.dower@python.org>	2024-05-09 18:18:56 (GMT)
committer	GitHub <noreply@github.com>	2024-05-09 18:18:56 (GMT)
commit	eb29e2f5905da93333d1ce78bc98b151e763ff46 (patch)
tree	b242b4e2071fdb7972aea26fc1206c448f176c24 /Misc
parent	c0d257cc69a943d2c211fe7ad54e706f1085ba1a (diff)
download	cpython-eb29e2f5905da93333d1ce78bc98b151e763ff46.zip cpython-eb29e2f5905da93333d1ce78bc98b151e763ff46.tar.gz cpython-eb29e2f5905da93333d1ce78bc98b151e763ff46.tar.bz2