gh-118486: Update docs for CVE-2024-4030 reference (GH-118737)
zooba authored May 8, 2024
1 parent 891fd12 commit 66f8bb7
Showing 2 changed files with 18 additions and 0 deletions.
14 changes: 14 additions & 0 deletions Doc/whatsnew/3.13.rst
Expand Up @@ -847,6 +847,12 @@ os
:c:func:`!posix_spawn_file_actions_addclosefrom_np`.
(Contributed by Jakub Kulik in :gh:`113117`.)

* :func:`os.mkdir` and :func:`os.makedirs` on Windows now support passing a
*mode* value of ``0o700`` to apply access control to the new directory. This
implicitly affects :func:`tempfile.mkdtemp` and is a mitigation for
:cve:`2024-4030`. Other values for *mode* continue to be ignored.
(Contributed by Steve Dower in :gh:`118486`.)

os.path
-------

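Review bot: In the new ``os`` entry, "to apply access control to the new directory" does not say who keeps access, which is the part a reader assessing :cve:`2024-4030` needs. The NEWS entry in this same commit is more precise ("restrict the new directory to the current user"); consider reusing that wording here. Since the entry also names :func:`os.makedirs`, it would help to state whether the ``0o700`` handling covers only the final directory or also any intermediate directories it creates.
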
Expand Down Expand Up @@ -989,6 +995,14 @@ sys
This function is not guaranteed to exist in all implementations of Python.
(Contributed by Serhiy Storchaka in :gh:`78573`.)

tempfile
--------

* On Windows, the default mode ``0o700`` used by :func:`tempfile.mkdtemp` now
limits access to the new directory due to changes to :func:`os.mkdir`. This
is a mitigation for :cve:`2024-4030`.
(Contributed by Steve Dower in :gh:`118486`.)

time
----

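Review bot: The ``tempfile`` entry says the default mode "now limits access to the new directory" but leaves out both who is limited and when the old behaviour mattered. The NEWS entry gives the condition ("in scenarios where the base temporary directory is more permissive than the default"); adding that clause here would let users judge whether their deployments were exposed. As written, the entry also largely repeats the ``os`` bullet, so a cross-reference to that entry could replace the duplicated explanation.
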
@@ -0,0 +1,4 @@
:func:`os.mkdir` on Windows now accepts *mode* of ``0o700`` to restrict
the new directory to the current user. This fixes :cve:`2024-4030`
affecting :func:`tempfile.mkdtemp` in scenarios where the base temporary
directory is more permissive than the default.
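
Review bot: "This fixes :cve:`2024-4030`" in the NEWS entry disagrees with both What's New entries in this commit, which call the change "a mitigation for" the CVE; pick one term so the three texts do not make different claims about how completely the issue is addressed. The entry also mentions only :func:`os.mkdir`, while the ``os`` entry lists :func:`os.makedirs` as well and notes that "Other values for *mode* continue to be ignored"; both points are worth carrying over, since a reader of the changelog alone could assume any *mode* value is now honoured on Windows.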
