From e528aef7e2952a11119cf95c9198ad183dc7af7f Mon Sep 17 00:00:00 2001 From: Max Bachmann Date: Wed, 14 May 2025 13:34:41 +0200 Subject: [PATCH] gh-133562: Skip security descriptors on unsupported Windows API partitions (GH-133563) --- .../Windows/2025-05-07-09-02-19.gh-issue-133562.lqqNW1.rst | 1 + Modules/posixmodule.c | 4 ++++ 2 files changed, 5 insertions(+) create mode 100644 Misc/NEWS.d/next/Windows/2025-05-07-09-02-19.gh-issue-133562.lqqNW1.rst diff --git a/Misc/NEWS.d/next/Windows/2025-05-07-09-02-19.gh-issue-133562.lqqNW1.rst b/Misc/NEWS.d/next/Windows/2025-05-07-09-02-19.gh-issue-133562.lqqNW1.rst new file mode 100644 index 000000000000..884425b839a2 --- /dev/null +++ b/Misc/NEWS.d/next/Windows/2025-05-07-09-02-19.gh-issue-133562.lqqNW1.rst @@ -0,0 +1 @@ +Disable handling of security descriptors by :func:`os.mkdir` with mode ``0o700`` on WinAPI partitions that do not support it. This only affects custom builds for specialized targets. diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c index 9cc0533f0dcf..bb3bfe802b93 100644 --- a/Modules/posixmodule.c +++ b/Modules/posixmodule.c @@ -5736,6 +5736,9 @@ os_mkdir_impl(PyObject *module, path_t *path, int mode, int dir_fd) #ifdef MS_WINDOWS Py_BEGIN_ALLOW_THREADS + // For API sets that don't support these APIs, we have no choice + // but to silently create a directory with default ACL. +#if defined(MS_WINDOWS_APP) || defined(MS_WINDOWS_SYSTEM) if (mode == 0700 /* 0o700 */) { ULONG sdSize; pSecAttr = &secAttr; @@ -5751,6 +5754,7 @@ os_mkdir_impl(PyObject *module, path_t *path, int mode, int dir_fd) error = GetLastError(); } } +#endif if (!error) { result = CreateDirectoryW(path->wide, pSecAttr); if (secAttr.lpSecurityDescriptor && -- 2.47.3