summaryrefslogtreecommitdiff
path: root/scripts
diff options
context:
space:
mode:
authorNatalia <124304+nessita@users.noreply.github.com>2026-01-21 18:03:20 -0300
committerNatalia <124304+nessita@users.noreply.github.com>2026-03-03 09:09:32 -0300
commit019e44f67a8dace67b786e2818938c8691132988 (patch)
tree237a80ce8cc5a35a18968b92da5827c5131f829f /scripts
parent951ffb3832cd83ba672c1e3deae2bda128eb9cca (diff)
Fixed CVE-2026-25674 -- Prevented potentially incorrect permissions on file system object creation.
This fix introduces `safe_makedirs()` in the `os` utils as a safer alternative to `os.makedirs()` that avoids umask-related race conditions in multi-threaded environments. This is a workaround for https://github.com/python/cpython/issues/86533 and the solution is based on the fix being proposed for CPython. Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com> Co-authored-by: Zackery Spytz <zspytz@gmail.com> Refs CVE-2020-24583 and #31921. Thanks Tarek Nakkouch for the report, and Jake Howard, Jacob Walls, and Shai Berger for reviews.
Diffstat (limited to 'scripts')
0 files changed, 0 insertions, 0 deletions