Bug 173891 - os.path.realpath can't handle symlink loops
os.path.realpath can't handle symlink loops
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: python (Show other bugs)
4.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jeremy Katz
Brock Organ
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-11-22 04:14 EST by Bastien Nocera
Modified: 2013-04-12 13:13 EDT (History)
3 users (show)

See Also:
Fixed In Version: RHBA-2007-0247
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-05-01 13:18:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
python-no-symlink-loop-rhel4.patch (2.11 KB, patch)
2005-11-22 05:18 EST, Bastien Nocera
no flags Details | Diff

  None (edit)
Description Bastien Nocera 2005-11-22 04:14:48 EST
+++ This bug was initially created as a clone of Bug #173595 +++

Description of problem:
The problem is described in
https://sourceforge.net/tracker/index.php?func=detail&aid=930024&group_id=5470&atid=105470

Version-Release number of selected component (if applicable):
python-2.2.3-6.1 (RHEL3)
python-2.3.4-14.1 (RHEL4)

How reproducible:
Every time

Steps to Reproduce:
See upstreams report

Additional info:
The problem is fixed in newer releases upstreams.  The reason for this bug
report is that we need this fix in the python in RHEL3 and RHEL4, none of which
has the fix.  In the case of RHEL4, it would probably be enough to upgrade
python to 2.3.5.  For RHEL3, I guess a backport will be necessary.

-- Additional comment from bnocera@redhat.com on 2005-11-22 04:10 EST --
Created an attachment (id=121334)
python-no-symlink-loop-rhel3-2.patch

Backported from
http://cvs.sourceforge.net/viewcvs.py/python/python/dist/src/Lib/posixpath.py?rev=1.75&view=log


1)
Revision 1.67  - (view) (download) (as text) (annotate) - [select for diffs]
Sat Jul 10 22:55:13 2004 UTC (16 months, 1 week ago) by bcannon
Branch: MAIN
Changes since 1.66: +30 -6 lines
Diff to previous 1.66

posixpath.realpath() now detects symlink loops and returns the path just before

the loop starts.

Closes bug #930024.  Thanks AM Kuchling.

2)
Revision 1.71  - (view) (download) (as text) (annotate) - [select for diffs]
Sat Aug 14 15:01:53 2004 UTC (15 months, 1 week ago) by jlgijsbers
Branch: MAIN
Changes since 1.70: +9 -7 lines
Diff to previous 1.70

bug #990669: os.path.realpath() will resolve symlinks before normalizing the
path, as normalizing the path may alter the meaning of the path if it contains
symlinks.

Also add tests for infinite symlink loops and parent symlinks that need to be
resolved.

And 3)
Revision 1.74  - (view) (download) (as text) (annotate) - [select for diffs]
Fri Jun 3 14:24:43 2005 UTC (5 months, 2 weeks ago) by birkenfeld
Branch: MAIN
Changes since 1.73: +1 -1 lines
Diff to previous 1.73

Bug #1213894: os.path.realpath didn't resolve symlinks that were the first
component of the path.
Comment 1 Bastien Nocera 2005-11-22 05:18:27 EST
Created attachment 121336 [details]
python-no-symlink-loop-rhel4.patch

RHEL4 patch.
Comment 2 Steve 2006-04-12 09:13:24 EDT
The client is asking for an update on this issue and has asked why this was not
fixed in the latest update release.
Comment 4 RHEL Product and Program Management 2006-08-18 12:59:28 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 7 Jeremy Katz 2007-01-09 16:31:07 EST
Fixed in python-2.3.4-14.4
Comment 11 Red Hat Bugzilla 2007-05-01 13:18:06 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0247.html
Comment 12 Stephen Warren 2007-06-12 13:37:04 EDT
Unfortunately, the patch completely breaks correct operation of
os.path.realpath() in some scenarios:

Look at the existing symlink using ls:

$ ls -l /mnt/backup/hydrogen.gyanasoft.com/sequence/bkp.0
    /mnt/backup/hydrogen.gyanasoft.com/sequence/bkp.0 ->
                                ../data/bkp.2007.06.12.10.04

Ask Python about the symlink (python was run from the "backupplus" directory):

>>> os.path.realpath('/mnt/backup/hydrogen.gyanasoft.com/sequence/bkp.0')
'/home/swarren/cron_scripts/backupplus/data/bkp.2007.06.12.10.04'

The correct Python result above should have been:

/mnt/backup/hydrogen.gyanasoft.com/data/bkp.2007.06.12.10.04

Note that this occurs in python-2.3.4-14.4, but does not occur in
python-2.4.3-19.el5 from RHEL5.
Comment 13 Stephen Warren 2007-06-26 01:56:09 EDT
Any traction on this bug? I would have expected a new release with the bogus
patch backed out to be released ASAP...

Note You need to log in before you can comment on or make changes to this bug.