Skip to content

[CVE-2024-4030] Enable mkdir(mode=0o700) to work on Windows #118486

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
zooba opened this issue May 1, 2024 · 2 comments
Closed

[CVE-2024-4030] Enable mkdir(mode=0o700) to work on Windows #118486

zooba opened this issue May 1, 2024 · 2 comments
Assignees
@zooba
Labels
3.8 (EOL) end of life 3.9 only security fixes 3.10 only security fixes 3.11 only security fixes 3.12 only security fixes OS-windows type-security A security issue

Comments

@zooba
Copy link
Member

zooba commented May 1, 2024
edited by bedevere-app bot
Loading

If we interpret 0o700 as "only accessible by the current user", then we can imitate the behaviour with ACLs.

Linked PRs
@zooba zooba self-assigned this May 1, 2024
@bedevere-app bedevere-app bot mentioned this issue May 1, 2024
Merged
zooba added a commit to zooba/cpython that referenced this issue May 1, 2024
@zooba
pythongh-118486: Support mkdir(mode=0o700) on Windows
4bd91f2
zooba added a commit that referenced this issue May 2, 2024
@zooba
gh-118486: Support mkdir(mode=0o700) on Windows (GH-118488)
81939da
zooba added a commit to zooba/cpython that referenced this issue May 2, 2024
@zooba
pythongh-118486: Switch mkdir(mode=0o700) on Windows to use OWNER RIG…
77b83f4 
…HTS instead of CURRENT_USER
@bedevere-app bedevere-app bot mentioned this issue May 2, 2024
Merged
zooba added a commit that referenced this issue May 2, 2024
@zooba
gh-118486: Switch mkdir(mode=0o700) on Windows to use OWNER RIGHTS in…
8ed5466 
…stead of CURRENT_USER (GH-118515)
@nineteendo
Copy link
Contributor

Are you done here?

@zooba
Copy link
Member Author

zooba commented May 3, 2024

No, not yet.

@zooba zooba changed the title Enable mkdir(mode=0o700) to work on Windows [CVE-2024-4030] Enable mkdir(mode=0o700) to work on Windows May 7, 2024
@bedevere-app bedevere-app bot mentioned this issue May 7, 2024
Merged
@zooba zooba added type-security A security issue 3.11 only security fixes 3.10 only security fixes 3.9 only security fixes 3.8 (EOL) end of life 3.12 only security fixes labels May 7, 2024
zooba added a commit to zooba/cpython that referenced this issue May 7, 2024
@zooba
pythongh-118486: Support mkdir(mode=0o700) on Windows
1193b36
zooba added a commit to zooba/cpython that referenced this issue May 7, 2024
@zooba
pythongh-118486: Support mkdir(mode=0o700) on Windows
018a779
zooba added a commit to zooba/cpython that referenced this issue May 7, 2024
@zooba
pythongh-118486: Support mkdir(mode=0o700) on Windows
c85fa1f
zooba added a commit to zooba/cpython that referenced this issue May 7, 2024
@zooba
pythongh-118486: Support mkdir(mode=0o700) on Windows
86da8de
This was referenced May 7, 2024
Merged
Merged
Merged
Merged
Merged
zooba added a commit to zooba/cpython that referenced this issue May 7, 2024
@zooba
pythongh-118486: Support mkdir(mode=0o700) on Windows
ffed50e
SonicField pushed a commit to SonicField/cpython that referenced this issue May 8, 2024
@zooba @SonicField
pythongh-118486: Support mkdir(mode=0o700) on Windows (pythonGH-118488)
7ff1c09
SonicField pushed a commit to SonicField/cpython that referenced this issue May 8, 2024
@zooba @SonicField
pythongh-118486: Switch mkdir(mode=0o700) on Windows to use OWNER RIG…
abd0602 
…HTS instead of CURRENT_USER (pythonGH-118515)
@bedevere-app bedevere-app bot mentioned this issue May 8, 2024
Merged
zooba added a commit that referenced this issue May 8, 2024
@zooba
gh-118486: Update docs for CVE-2024-4030 reference (GH-118737)
66f8bb7
zooba added a commit to zooba/cpython that referenced this issue May 9, 2024
@zooba
Merge branch '3.13' into pythongh-118486-doc-3.13
7651f58
zooba added a commit that referenced this issue May 9, 2024
@zooba
gh-118486: Update docs for CVE-2024-4030 reference (GH-118737)
d86b494 
Update docs for CVE-2024-4030 reference
zooba added a commit to zooba/cpython that referenced this issue May 9, 2024
@zooba
Merge branch 'pythongh-118486-3.11' of https://github.com/zooba/cpython
1288fdc 
… into pythongh-118486-3.11
zooba added a commit that referenced this issue May 9, 2024
@zooba
gh-118486: Support mkdir(mode=0o700) on Windows (GH-118488)
eb29e2f
@bedevere-app bedevere-app bot mentioned this issue May 14, 2024
Merged
zooba added a commit to zooba/cpython that referenced this issue May 14, 2024
@zooba
pythongh-118486: Simplify test_win32_mkdir_700 to check the exact ACL
f6ec3b1
zooba added a commit that referenced this issue May 15, 2024
@zooba
gh-118486: Simplify test_win32_mkdir_700 to check the exact ACL (GH-1…
94591dc 
…19056)
miss-islington pushed a commit to miss-islington/cpython that referenced this issue May 15, 2024
@zooba @miss-islington
pythongh-118486: Simplify test_win32_mkdir_700 to check the exact ACL (
4b6d638 
…pythonGH-119056)

(cherry picked from commit 94591dc)

Co-authored-by: Steve Dower <steve.dower@python.org>
miss-islington pushed a commit to miss-islington/cpython that referenced this issue May 15, 2024
@zooba @miss-islington
pythongh-118486: Simplify test_win32_mkdir_700 to check the exact ACL (
1da9d7d 
…pythonGH-119056)

(cherry picked from commit 94591dc)

Co-authored-by: Steve Dower <steve.dower@python.org>
This was referenced May 15, 2024
Merged
Merged
zooba added a commit to zooba/cpython that referenced this issue May 15, 2024
@zooba
pythongh-118486: Simplify test_win32_mkdir_700 to check the exact ACL (
e598a53 
…pythonGH-119056)
zooba added a commit to zooba/cpython that referenced this issue May 15, 2024
@zooba
pythongh-118486: Simplify test_win32_mkdir_700 to check the exact ACL (
77ede7c 
…pythonGH-119056)
zooba added a commit to zooba/cpython that referenced this issue May 15, 2024
@zooba
pythongh-118486: Simplify test_win32_mkdir_700 to check the exact ACL (
1946e26 
…pythonGH-119056)
zooba added a commit to zooba/cpython that referenced this issue May 15, 2024
@zooba
pythongh-118486: Simplify test_win32_mkdir_700 to check the exact ACL (
c4b3f7a 
…pythonGH-119056)
zooba added a commit that referenced this issue May 15, 2024
@miss-islington @zooba
gh-118486: Simplify test_win32_mkdir_700 to check the exact ACL (GH-1…
e1dfa97 
…19056)

(cherry picked from commit 94591dc)

Co-authored-by: Steve Dower <steve.dower@python.org>
zooba added a commit that referenced this issue May 15, 2024
@miss-islington @zooba
gh-118486: Simplify test_win32_mkdir_700 to check the exact ACL (GH-1…
6d0850c 
…19056)

(cherry picked from commit 94591dc)

Co-authored-by: Steve Dower <steve.dower@python.org>
ambv pushed a commit that referenced this issue May 24, 2024
@zooba
[3.11] gh-118486: Support mkdir(mode=0o700) on Windows (GH-118488) (G…
35c799d 
…H-118739)
ambv added a commit to zooba/cpython that referenced this issue May 24, 2024
@ambv
Merge branch '3.10' into pythongh-118486-3.10
49746a0
ambv added a commit to zooba/cpython that referenced this issue May 24, 2024
@ambv
Merge branch '3.9' into pythongh-118486-3.9
8f0e88d
ambv added a commit to zooba/cpython that referenced this issue May 24, 2024
@ambv
Merge branch '3.8' into pythongh-118486-3.8
18afc1f
ambv added a commit that referenced this issue May 24, 2024
@zooba @ambv
[3.10] gh-118486: Support mkdir(mode=0o700) on Windows (GH-118488) (G…
c8f868d 
…H-118740)

Co-authored-by: Łukasz Langa <lukasz@langa.pl>
ambv added a commit that referenced this issue May 24, 2024
@zooba @ambv
[3.9] gh-118486: Support mkdir(mode=0o700) on Windows (GH-118488) (GH…
5130731 
…-118741)

Co-authored-by: Łukasz Langa <lukasz@langa.pl>
ambv added a commit that referenced this issue May 24, 2024
@zooba @ambv
[3.8] gh-118486: Support mkdir(mode=0o700) on Windows (GH-118488) (GH…
91e3669 
…-118742)

Co-authored-by: Łukasz Langa <lukasz@langa.pl>
@zooba zooba closed this as completed May 24, 2024
@JelleZijlstra JelleZijlstra mentioned this issue May 28, 2024
Closed
estyxx pushed a commit to estyxx/cpython that referenced this issue Jul 17, 2024
@zooba @estyxx
pythongh-118486: Simplify test_win32_mkdir_700 to check the exact ACL (
26483c7 
…pythonGH-119056)
@hssyoo hssyoo mentioned this issue Dec 17, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zooba zooba

Labels
3.8 (EOL) end of life 3.9 only security fixes 3.10 only security fixes 3.11 only security fixes 3.12 only security fixes OS-windows type-security A security issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zooba @nineteendo