commit | aed51d8121f321e37274171b695cd0e3876465c6 | [log] [tgz] |
---|---|---|
author | Guido van Rossum <guido@python.org> | Mon Aug 05 16:13:24 2002 +0000 |
committer | Guido van Rossum <guido@python.org> | Mon Aug 05 16:13:24 2002 +0000 |
tree | 83e17c55398e4add85a2ed179e3c36ddf77cd776 | |
parent | aaebdd6a02dd4d650b14e2192e327336ecb62a98 [diff] |
SF patch 590294: os._execvpe security fix (Zack Weinberg). 1) Do not attempt to exec a file which does not exist just to find out what error the operating system returns. This is an exploitable race on all platforms that support symbolic links. 2) Immediately re-raise the exception if we get an error other than errno.ENOENT or errno.ENOTDIR. This may need to be adapted for other platforms. (As a security issue, this should be considered for 2.1 and 2.2 as well as 2.3.)