Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython2 / aed51d8121f321e37274171b695cd0e3876465c6
commitaed51d8121f321e37274171b695cd0e3876465c6[log] [tgz]
authorGuido van Rossum <guido@python.org>Mon Aug 05 16:13:24 2002 +0000
committerGuido van Rossum <guido@python.org>Mon Aug 05 16:13:24 2002 +0000
tree83e17c55398e4add85a2ed179e3c36ddf77cd776
parentaaebdd6a02dd4d650b14e2192e327336ecb62a98 [diff]
SF patch 590294: os._execvpe security fix (Zack Weinberg).

1) Do not attempt to exec a file which does not exist
just to find out what error the operating system
returns. This is an exploitable race on all platforms
that support symbolic links.

2) Immediately re-raise the exception if we get an
error other than errno.ENOENT or errno.ENOTDIR. This
may need to be adapted for other platforms.

(As a security issue, this should be considered for 2.1
and 2.2 as well as 2.3.)
1 file changed
tree: 83e17c55398e4add85a2ed179e3c36ddf77cd776
  1. Demo/
  2. Doc/
  3. Grammar/
  4. Include/
  5. Lib/
  6. Mac/
  7. Misc/
  8. Modules/
  9. Objects/
  10. Parser/
  11. PC/
  12. PCbuild/
  13. Python/
  14. RISCOS/
  15. Tools/
  16. .cvsignore
  17. .hgtags
  18. configure
  19. configure.in
  20. install-sh
  21. LICENSE
  22. Makefile.pre.in
  23. PLAN.txt
  24. pyconfig.h.in
  25. README
  26. setup.py