gh-133562: Skip security descriptors on unsupported Windows API partitions (GH-133563)

2025-07-07 19:35:27 +00:00 · 2025-05-14 13:34:41 +02:00 · 2025-05-14 13:34:41 +02:00 · e528aef7e2
commit e528aef7e2
parent 3e23047363
2 changed files with 5 additions and 0 deletions
--- a/Misc/NEWS.d/next/Windows/2025-05-07-09-02-19.gh-issue-133562.lqqNW1.rst
+++ b/Misc/NEWS.d/next/Windows/2025-05-07-09-02-19.gh-issue-133562.lqqNW1.rst
@ -0,0 +1 @@
+Disable handling of security descriptors by :func:`os.mkdir` with mode ``0o700`` on WinAPI partitions that do not support it. This only affects custom builds for specialized targets.
--- a/Modules/posixmodule.c
+++ b/Modules/posixmodule.c
@ -5736,6 +5736,9 @@ os_mkdir_impl(PyObject *module, path_t *path, int mode, int dir_fd)

 #ifdef MS_WINDOWS
    Py_BEGIN_ALLOW_THREADS
+    // For API sets that don't support these APIs, we have no choice
+    // but to silently create a directory with default ACL.
+#if defined(MS_WINDOWS_APP) || defined(MS_WINDOWS_SYSTEM)
    if (mode == 0700 /* 0o700 */) {
        ULONG sdSize;
        pSecAttr = &secAttr;
@ -5751,6 +5754,7 @@ os_mkdir_impl(PyObject *module, path_t *path, int mode, int dir_fd)
            error = GetLastError();
        }
    }
+#endif
    if (!error) {
        result = CreateDirectoryW(path->wide, pSecAttr);
        if (secAttr.lpSecurityDescriptor &&
				`@ -0,0 +1 @@`
				Disable handling of security descriptors by :func:`os.mkdir` with mode ``0o700`` on WinAPI partitions that do not support it. This only affects custom builds for specialized targets.