Skip to content

Conversation

uellue
Copy link

@uellue uellue commented Oct 23, 2023

Watching a tree containing a symlink to '/' adds a watch to the whole file system, which is probably unwanted. To avoid such behavior by default, following symlinks has to be enabled explicitly. The code may still be vulnerable to TOCTOU.

Further changes:

  • Use os.walk() to traverse the tree to watch
  • Remove duplicate add_watch() for IN_MOVED_TO
  • flake8
  • Warn instead of failing hard if adding a watch in a tree fails. Can be, for example, a permission error.

Watching a tree containing a symlink to '/' adds a watch to the whole file system, which is probably unwanted.
To avoid such behavior by default, following symlinks has to be enabled explicitly. The code may still be vulnerable
to TOCTOU.

Further changes:

* Use `os.walk()` to traverse the tree to watch
* Remove duplicate `add_watch()` for `IN_MOVED_TO`
* flake8
* Warn instead of failing hard if adding a watch in a tree fails.
  Can be, for example, a permission error.
@uellue
Copy link
Author

uellue commented Oct 23, 2023

About the older Python versions: Are they still relevant?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant