Bug 173891 - os.path.realpath can't handle symlink loops
Summary: os.path.realpath can't handle symlink loops
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: python
Version: 4.0
Hardware: All
OS: Linux
Target Milestone: ---
: ---
Assignee: Jeremy Katz
QA Contact: Brock Organ
Depends On:
TreeView+ depends on / blocked
Reported: 2005-11-22 09:14 UTC by Bastien Nocera
Modified: 2018-10-19 20:49 UTC (History)
3 users (show)

Clone Of:
Last Closed: 2007-05-01 17:18:06 UTC

Attachments (Terms of Use)
python-no-symlink-loop-rhel4.patch (2.11 KB, patch)
2005-11-22 10:18 UTC, Bastien Nocera
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2007:0247 normal SHIPPED_LIVE python bugfix update 2007-05-01 17:18:04 UTC

Internal Trackers: 243909

Description Bastien Nocera 2005-11-22 09:14:48 UTC
+++ This bug was initially created as a clone of Bug #173595 +++

Description of problem:
The problem is described in

Version-Release number of selected component (if applicable):
python-2.2.3-6.1 (RHEL3)
python-2.3.4-14.1 (RHEL4)

How reproducible:
Every time

Steps to Reproduce:
See upstreams report

Additional info:
The problem is fixed in newer releases upstreams.  The reason for this bug
report is that we need this fix in the python in RHEL3 and RHEL4, none of which
has the fix.  In the case of RHEL4, it would probably be enough to upgrade
python to 2.3.5.  For RHEL3, I guess a backport will be necessary.

-- Additional comment from bnocera@redhat.com on 2005-11-22 04:10 EST --
Created an attachment (id=121334)

Backported from

Revision 1.67  - (view) (download) (as text) (annotate) - [select for diffs]
Sat Jul 10 22:55:13 2004 UTC (16 months, 1 week ago) by bcannon
Branch: MAIN
Changes since 1.66: +30 -6 lines
Diff to previous 1.66

posixpath.realpath() now detects symlink loops and returns the path just before

the loop starts.

Closes bug #930024.  Thanks AM Kuchling.

Revision 1.71  - (view) (download) (as text) (annotate) - [select for diffs]
Sat Aug 14 15:01:53 2004 UTC (15 months, 1 week ago) by jlgijsbers
Branch: MAIN
Changes since 1.70: +9 -7 lines
Diff to previous 1.70

bug #990669: os.path.realpath() will resolve symlinks before normalizing the
path, as normalizing the path may alter the meaning of the path if it contains

Also add tests for infinite symlink loops and parent symlinks that need to be

And 3)
Revision 1.74  - (view) (download) (as text) (annotate) - [select for diffs]
Fri Jun 3 14:24:43 2005 UTC (5 months, 2 weeks ago) by birkenfeld
Branch: MAIN
Changes since 1.73: +1 -1 lines
Diff to previous 1.73

Bug #1213894: os.path.realpath didn't resolve symlinks that were the first
component of the path.

Comment 1 Bastien Nocera 2005-11-22 10:18:27 UTC
Created attachment 121336 [details]

RHEL4 patch.

Comment 2 Steve 2006-04-12 13:13:24 UTC
The client is asking for an update on this issue and has asked why this was not
fixed in the latest update release.

Comment 4 RHEL Product and Program Management 2006-08-18 16:59:28 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update

Comment 7 Jeremy Katz 2007-01-09 21:31:07 UTC
Fixed in python-2.3.4-14.4

Comment 11 Red Hat Bugzilla 2007-05-01 17:18:06 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Comment 12 Stephen Warren 2007-06-12 17:37:04 UTC
Unfortunately, the patch completely breaks correct operation of
os.path.realpath() in some scenarios:

Look at the existing symlink using ls:

$ ls -l /mnt/backup/hydrogen.gyanasoft.com/sequence/bkp.0
    /mnt/backup/hydrogen.gyanasoft.com/sequence/bkp.0 ->

Ask Python about the symlink (python was run from the "backupplus" directory):

>>> os.path.realpath('/mnt/backup/hydrogen.gyanasoft.com/sequence/bkp.0')

The correct Python result above should have been:


Note that this occurs in python-2.3.4-14.4, but does not occur in
python-2.4.3-19.el5 from RHEL5.

Comment 13 Stephen Warren 2007-06-26 05:56:09 UTC
Any traction on this bug? I would have expected a new release with the bogus
patch backed out to be released ASAP...

Note You need to log in before you can comment on or make changes to this bug.