[MERGE] OSX's mkdtemp assigns wrong group by default
Guillermo Gonzalez
guillo.gonzo at gmail.com
Sun Aug 31 19:32:41 BST 2008
Hi,
On Sun, Aug 31, 2008 at 3:22 PM, John Arbash Meinel
<john at arbash-meinel.com> wrote:
> ...
>
>> john> dir = mkdtemp()
>> john> if sys.platform == 'darwin':
>> john> # OS X creates temp dirs with the 'wheel' group, which users are not likely
>> john> # to be in, and this prevents us from setting the sgid bit
>> john> os.chown(dir, os.getuid(), os.getgid())
>>
>> Conditional logic in tests ? >-/
>>
>> john> I would certainly be more comfortable modifying the one
>> john> test that needs group, rather than everytime someone
>> john> creates a temp dir.
>>
>> But then we risk writing tests suffering from the same problem.
>
> And then we fix specific tests that need it, but I honestly think that
> actively chowning mkdtemp would lead to security holes which is worse than
> having a test have a bit of platform specific logic.
> If we have other tests crop up, then we can revisit it. But a single test
> needing this does not necessitate doing it everywhere.
>
I wasn't aware of possible security holes related to this, at the time
I added it.
I'm thinking that a possible solution, to avoid conditionals in the
tests, could be adding an argument to osutils.mkdtemp, i.e:
osutils.mkdtemp(override_ug_id=False)
This would allow a specific test to override uid/guid, and also
keeping the current behaviour in all other test.
any thoughts?
Cheers,
--
Guillermo
More information about the bazaar
mailing list