Kaydet (Commit) 853ef475 authored tarafından Gregory P. Smith's avatar Gregory P. Smith

merge heads

......@@ -190,14 +190,15 @@ Directory and files operations
handled by calling a handler specified by *onerror* or, if that is omitted,
they raise an exception.
.. warning::
.. note::
The default :func:`rmtree` function is susceptible to a symlink attack:
given proper timing and circumstances, attackers can use it to delete
files they wouldn't be able to access otherwise. Thus -- on platforms
that support the necessary fd-based functions -- a safe version of
:func:`rmtree` is used, which isn't vulnerable. In this case
:data:`rmtree_is_safe` is set to True.
On platforms that support the necessary fd-based functions a symlink
attack resistant version of :func:`rmtree` is used by default. On other
platforms, the :func:`rmtree` implementation is susceptible to a
symlink attack: given proper timing and circumstances, attackers can
manipulate symlinks on the filesystem to delete files they wouldn't
be able to access otherwise. Applications can use the :data:`rmtree.avoids_symlink_attacks` function attribute to
determine which case applies.
If *onerror* is provided, it must be a callable that accepts three
parameters: *function*, *path*, and *excinfo*.
......@@ -209,16 +210,16 @@ Directory and files operations
:func:`sys.exc_info`. Exceptions raised by *onerror* will not be caught.
.. versionchanged:: 3.3
Added a safe version that is used automatically if platform supports
fd-based functions.
Added a symlink attack resistant version that is used automatically
if platform supports fd-based functions.
.. data:: rmtree_is_safe
.. data:: rmtree.avoids_symlink_attacks
Indicates whether the current platform and implementation has a symlink
attack-proof version of :func:`rmtree`. Currently this is only true for
platforms supporting fd-based directory access functions.
Indicates whether the current platform and implementation provides a
symlink attack resistant version of :func:`rmtree`. Currently this is
only true for platforms supporting fd-based directory access functions.
.. versionadded:: 3.3
.. versionadded:: 3.3
.. function:: move(src, dst)
......
......@@ -1296,6 +1296,11 @@ shutil
acts on the symlink itself (or creates one, if relevant).
(Contributed by Hynek Schlawack in :issue:`12715`.)
* :func:`~shutil.rmtree` is now resistant to symlink attacks on platforms
which support the new ``dir_fd`` parameter in :func:`os.open` and
:func:`os.unlinkat`. (Contributed by Martin von Löwis and Hynek Schlawack
in :issue:`4489`.)
signal
......
......@@ -405,8 +405,9 @@ def _rmtree_safe_fd(topfd, path, onerror):
except os.error:
onerror(os.rmdir, path, sys.exc_info())
rmtree_is_safe = _use_fd_functions = (os.unlink in os.supports_dir_fd and
os.open in os.supports_dir_fd)
_use_fd_functions = (os.unlink in os.supports_dir_fd and
os.open in os.supports_dir_fd)
def rmtree(path, ignore_errors=False, onerror=None):
"""Recursively delete a directory tree.
......@@ -449,6 +450,9 @@ def rmtree(path, ignore_errors=False, onerror=None):
else:
return _rmtree_unsafe(path, onerror)
# Allow introspection of whether or not the hardening against symlink
# attacks is supported on the current platform
rmtree.avoids_symlink_attacks = _use_fd_functions
def _basename(path):
# A basename() variant which first strips the trailing slash, if present.
......
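Review bot: The capability check behind `rmtree.avoids_symlink_attacks` probes only `os.unlink` and `os.open` against `os.supports_dir_fd`, yet the tail of `_rmtree_safe_fd` in the first hunk also reports failures from `os.rmdir`, which suggests the fd-based path uses more calls than the two probed. The body of `_rmtree_safe_fd` lies outside the hunk, so this is inferred: if it passes `dir_fd` to `os.rmdir`, a platform supporting the first two calls but not the third would advertise resistance and then fail at run time. A set test such as `_use_fd_functions = {os.open, os.unlink, os.rmdir} <= os.supports_dir_fd` would keep the flag accurate. The comment above the attribute could also state that the value is a bool fixed at import time, for example `# True when rmtree() uses the fd-based implementation; evaluated once at import.`, so callers know that `False` means `rmtree` should not be run on a tree an untrusted user can modify.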
......@@ -487,7 +487,7 @@ class TestShutil(unittest.TestCase):
def test_rmtree_uses_safe_fd_version_if_available(self):
if os.unlink in os.supports_dir_fd and os.open in os.supports_dir_fd:
self.assertTrue(shutil._use_fd_functions)
self.assertTrue(shutil.rmtree_is_safe)
self.assertTrue(shutil.rmtree.avoids_symlink_attacks)
tmp_dir = self.mkdtemp()
d = os.path.join(tmp_dir, 'a')
os.mkdir(d)
......@@ -502,7 +502,7 @@ class TestShutil(unittest.TestCase):
shutil._rmtree_safe_fd = real_rmtree
else:
self.assertFalse(shutil._use_fd_functions)
self.assertFalse(shutil.rmtree_is_safe)
self.assertFalse(shutil.rmtree.avoids_symlink_attacks)
def test_rmtree_dont_delete_file(self):
# When called on a file instead of a directory, don't delete it.
......
......@@ -43,11 +43,10 @@ STRIPFLAG=-s
CPMAC=/Developer/Tools/CpMac
APPTEMPLATE=$(srcdir)/Resources/app
APPSUBDIRS=MacOS Resources
APPSUBDIRS=MacOS Resources
compileall=$(srcdir)/../Lib/compileall.py
installapps: install_Python install_pythonw install_PythonLauncher install_IDLE \
checkapplepython
installapps: install_Python install_pythonw install_PythonLauncher install_IDLE
install_pythonw: pythonw
$(INSTALL_PROGRAM) $(STRIPFLAG) pythonw "$(DESTDIR)$(prefix)/bin/pythonw$(VERSION)"
......@@ -196,14 +195,6 @@ installextras: $(srcdir)/Extras.install.py
"$(DESTDIR)$(prefix)/share/doc/python$(VERSION)/examples/Tools" ; \
chmod -R ugo+rX,go-w "$(DESTDIR)$(prefix)/share/doc/python$(VERSION)/examples/Tools"
checkapplepython: $(srcdir)/Tools/fixapplepython23.py
@if ! $(RUNSHARED) $(BUILDPYTHON) $(srcdir)/Tools/fixapplepython23.py -n; then \
echo "* WARNING: Apple-installed Python 2.3 will have trouble building extensions from now on."; \
echo "* WARNING: Run $(srcdir)/Tools/fixapplepython23.py with \"sudo\" to fix this."; \
fi
clean:
rm pythonw
cd PythonLauncher && make clean
......
#!/usr/bin/python
"""fixapplepython23 - Fix Apple-installed Python 2.3 (on Mac OS X 10.3)
Python 2.3 (and 2.3.X for X<5) have the problem that building an extension
for a framework installation may accidentally pick up the framework
of a newer Python, in stead of the one that was used to build the extension.
This script modifies the Makefile (in .../lib/python2.3/config) to use
the newer method of linking extensions with "-undefined dynamic_lookup"
which fixes this problem.
The script will first check all prerequisites, and return a zero exit
status also when nothing needs to be fixed.
"""
import sys
import os
import platform
MAKEFILE='/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/config/Makefile'
CHANGES=((
'LDSHARED=\t$(CC) $(LDFLAGS) -bundle -framework $(PYTHONFRAMEWORK)\n',
'LDSHARED=\t$(CC) $(LDFLAGS) -bundle -undefined dynamic_lookup\n'
),(
'BLDSHARED=\t$(CC) $(LDFLAGS) -bundle -framework $(PYTHONFRAMEWORK)\n',
'BLDSHARED=\t$(CC) $(LDFLAGS) -bundle -undefined dynamic_lookup\n'
),(
'CC=\t\tgcc\n',
'CC=\t\t/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/config/PantherPythonFix/run-gcc\n'
),(
'CXX=\t\tc++\n',
'CXX=\t\t/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/config/PantherPythonFix/run-g++\n'
))
GCC_SCRIPT='/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/config/PantherPythonFix/run-gcc'
GXX_SCRIPT='/System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/config/PantherPythonFix/run-g++'
SCRIPT="""#!/bin/sh
export MACOSX_DEPLOYMENT_TARGET=10.3
exec %s "${@}"
"""
def findline(lines, start):
"""return line starting with given string or -1"""
for i in range(len(lines)):
if lines[i][:len(start)] == start:
return i
return -1
def fix(makefile, do_apply):
"""Fix the Makefile, if required."""
fixed = False
lines = open(makefile).readlines()
for old, new in CHANGES:
i = findline(lines, new)
if i >= 0:
# Already fixed
continue
i = findline(lines, old)
if i < 0:
print('fixapplepython23: Python installation not fixed (appears broken)')
print('fixapplepython23: missing line:', old)
return 2
lines[i] = new
fixed = True
if fixed:
if do_apply:
print('fixapplepython23: Fix to Apple-installed Python 2.3 applied')
os.rename(makefile, makefile + '~')
open(makefile, 'w').writelines(lines)
return 0
else:
print('fixapplepython23: Fix to Apple-installed Python 2.3 should be applied')
return 1
else:
print('fixapplepython23: No fix needed, appears to have been applied before')
return 0
def makescript(filename, compiler):
"""Create a wrapper script for a compiler"""
dirname = os.path.split(filename)[0]
if not os.access(dirname, os.X_OK):
os.mkdir(dirname, 0o755)
fp = open(filename, 'w')
fp.write(SCRIPT % compiler)
fp.close()
os.chmod(filename, 0o755)
print('fixapplepython23: Created', filename)
def main():
# Check for -n option
if len(sys.argv) > 1 and sys.argv[1] == '-n':
do_apply = False
else:
do_apply = True
# First check OS version
if sys.byteorder == 'little':
# All intel macs are fine
print("fixapplypython23: no fix is needed on MacOSX on Intel")
sys.exit(0)
osver = platform.mac_ver()
if osver != '10.3' and os.ver < '10.3.':
print('fixapplepython23: no fix needed on MacOSX < 10.3')
sys.exit(0)
if osver >= '10.4':
print('fixapplepython23: no fix needed on MacOSX >= 10.4')
sys.exit(0)
# Test that a framework Python is indeed installed
if not os.path.exists(MAKEFILE):
print('fixapplepython23: Python framework does not appear to be installed (?), nothing fixed')
sys.exit(0)
# Check that we can actually write the file
if do_apply and not os.access(MAKEFILE, os.W_OK):
print('fixapplepython23: No write permission, please run with "sudo"')
sys.exit(2)
# Create the shell scripts
if do_apply:
if not os.access(GCC_SCRIPT, os.X_OK):
makescript(GCC_SCRIPT, "gcc")
if not os.access(GXX_SCRIPT, os.X_OK):
makescript(GXX_SCRIPT, "g++")
# Finally fix the makefile
rv = fix(MAKEFILE, do_apply)
#sys.exit(rv)
sys.exit(0)
if __name__ == '__main__':
main()