-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Am 12.09.2011 16:43, schrieb Merlijn van Deen:
On 12 September 2011 16:00, Dr. Trigon
<dr.trigon(a)surfeu.ch
<mailto:dr.trigon@surfeu.ch>> wrote:
So this "IOError: [Errno 2] No such file or directory: ..." was
NOT triggered because of an not existing file, BUT because of the
syntax not accepted. I do not want to state that there is no
possibility to cheat this way, but the obvious one suggested, does
not work in python
Interesting theory, but not true:
valhallasw@nightshade:~$ cat > test.file blah
valhallasw@nightshade:~$ python Python 2.7.1 (r271:86832, Jan 4
2011, 13:57:14) [GCC 4.5.2] on sunos5 Type "help", "copyright",
"credits" or "license" for more information.
>>
open("/home/valhallasw/src/../test.file").readlines()
['blah\n']
May sound curios but I'm happy to read this. Since this is what I also
expected. But honestly I tried this - and did it again right now.
The result; you are right - but me too! Strange, isn't it...
In fact i was fooled because instead of the 'src' directory you use
in your example, I used a symlink and '..' does not lead back to the
same directory as it was... (my mistake)
Please always double-check these things in
security-related
issues.
That is exactly the reason why I wrote this mail and bothered you... ;)
Thus; thanks a lot for correcting me!
Greetings
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla -
http://enigmail.mozdev.org/
iEYEARECAAYFAk5uIzcACgkQAXWvBxzBrDBGCACZAfnV8535+he7yQW3ZMiCHVx/
2JEAoKQKUhaE8N7KBRCmzK3RulhRhge1
=pplH
-----END PGP SIGNATURE-----