-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Am 12.09.2011 16:43, schrieb Merlijn van Deen:
On 12 September 2011 16:00, Dr. Trigon <dr.trigon@surfeu.ch mailto:dr.trigon@surfeu.ch> wrote:
So this "IOError: [Errno 2] No such file or directory: ..." was NOT triggered because of an not existing file, BUT because of the syntax not accepted. I do not want to state that there is no possibility to cheat this way, but the obvious one suggested, does not work in python
Interesting theory, but not true:
valhallasw@nightshade:~$ cat > test.file blah valhallasw@nightshade:~$ python Python 2.7.1 (r271:86832, Jan 4 2011, 13:57:14) [GCC 4.5.2] on sunos5 Type "help", "copyright", "credits" or "license" for more information.
open("/home/valhallasw/src/../test.file").readlines()
['blah\n']
May sound curios but I'm happy to read this. Since this is what I also expected. But honestly I tried this - and did it again right now. The result; you are right - but me too! Strange, isn't it... In fact i was fooled because instead of the 'src' directory you use in your example, I used a symlink and '..' does not lead back to the same directory as it was... (my mistake)
Please always double-check these things in security-related issues.
That is exactly the reason why I wrote this mail and bothered you... ;) Thus; thanks a lot for correcting me!
Greetings