➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2004-07-14 04:58 by dave0000, last changed 2022-04-11 14:56 by admin. This issue is now closed.
| Messages (3) | |||
|---|---|---|---|
| msg21568 - (view) | Author: Anton Koinov (dave0000) | Date: 2004-07-14 04:58 | |
os.path.realpath() does not handle symlinks properly on
Linux (at least, does not do it the same way as the
Linux file functions do).
To reproduce follow these steps:
mkdir a
mkdir a/k
mkdir a/l
mkdir a/k/x
mkdir a/k/y
cd a
ln -s k/y link-y
ls link-y/..
This outputs: x/ y/
In other words, link-y/.. == a/k
Now, while still in directory 'a' (in bash) execute on
one line:
python -c 'import os.path'$'\n''print
os.path.realpath("link-y/..")'
This will print: /path/to/a
In other words: os.path.realpath('link-y/..') == a
That is, the link link-y has not been expanded to the
directory it points to before .. (go to parent
directory) has been applied to the path.
os.path.normpath() has the same problem.
This may be a potential security risk if one uses
realpath to check if a requested path is inside a
certain restricted subdirectory.
|
|||
| msg21569 - (view) | Author: Johannes Gijsbers (jlgijsbers) *  |
Date: 2004-07-23 15:45 | |
Logged In: YES user_id=469548 I've created a patch for realpath (http://python.org/sf/996627) and a doc patch for normpath (http://python.org/sf/996626). There's a comment in posixpath.py warning for this problem with normpath, and it's been there since 1992, so I don't think we should go around changing it now. |
|||
| msg21570 - (view) | Author: Johannes Gijsbers (jlgijsbers) * |
Date: 2004-08-14 15:04 | |
Logged In: YES user_id=469548 The patches below have been checked in. Closing as fixed. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:56:05 | admin | set | github: 40556 |
| 2004-07-14 04:58:40 | dave0000 | create | |