Christian Heimes
It's a known and well-documented behavior of the tar module: https://docs.python.org/2.7/library/tarfile.html#tarfile.TarFile.extractall
Don't forget about SUID and SGID, too.
There is some new research on the topic, see https://snyk.io/research/zip-slip-vulnerability, https://github.com/snyk/zip-slip-vulnerability/issues/4#issuecomment-395848367 and BPO bpo-35909
New changeset 088dd76dba68c2538776d9920607f81e54544cbd by Dong-hee Na in branch 'main': bpo-46541: Remove unnecessary Py_VISIT (GH-31608) https://github.com/python/cpython/commit/088dd76dba68c2538776d9920607f81e54544cbd
`_bootsubprocess` was removed because it was a hack which is no longer needed for any supported platforms. I didn't realize that it is used by AIX because that platform is...
You do not need to include ``_testcapi/vectorcall.c`` in ``MODULE__TESTCAPI_DEPS``. It is already listed as dependency for ``_testcapi`` in the Setup file.
> Thank you for the fix! I'll hammer test-with-buildbots next time I touch the buildsystem. (I wonder why this issue didn't get the broken buildbot notification, though...) We think that...
I agree with both of you. The documentation should explicitly state that the audit hooks are for auditing. They are not designed to sandbox Python. When used correctly, they can...
Python's dynamic nature makes it hard to implement and reason about audit hooks written in Python. sys.addaudithook() is really only designed for testing, debugging, and playing around with auditing. You...
We have helper code to block / force imports to test both pure and C accelerated features.

```
from test.support.import_helper import import_fresh_module
copy_py = import_fresh_module('copy', blocked=['_copy'])
try:
    copy_c = import_fresh_module('copy',...
```