<blockquote class="gmail_quote" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0.8ex; border-left-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; padding-left: 1ex; ">
<span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; background-color: rgb(255, 255, 255); ">You have to modify at least the C functions</span><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; background-color: rgb(255, 255, 255); "><br>
</span><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; background-color: rgb(255, 255, 255); "> Modules/_io/_iomodule.c:io_open()<br></span><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; background-color: rgb(255, 255, 255); "> Modules/_io/fileio.c:fileio_init()</span><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; background-color: rgb(255, 255, 255); "><br>
</span><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; background-color: rgb(255, 255, 255); ">as well as the pure python implementation</span><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; background-color: rgb(255, 255, 255); "><br>
</span><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; background-color: rgb(255, 255, 255); "> Lib/_pyio.py</span></blockquote><div><br></div>Thanks for the info - it will save me looking for it :-)<div>
<br><div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">Well, that's basically what I was getting at. I don't like the idea of</div>
silently falling back to the unsafe thing one bit. It wouldn't be so<br>
bad to have something that tries to do it without any race conditions<br>
etc., and raises an exception if this isn't possible.</blockquote><div><br></div><blockquote class="gmail_quote" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0.8ex; border-left-width: 1px; border-left-color: rgb(204, 204, 204); border-left-style: solid; padding-left: 1ex; ">
<span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; background-color: rgb(255, 255, 255); ">This may sound harsh. If you proposed changes don't survive hostiles<br></span><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; background-color: rgb(255, 255, 255); ">environment then there is no reason in implementing them at all. It's<br>
</span><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; background-color: rgb(255, 255, 255); ">the false sense of security Nick was talking about earlier. At best your<br></span><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; background-color: rgb(255, 255, 255); ">solution is slightly less insecure but still insecure and a loophole for<br>
</span><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; background-color: rgb(255, 255, 255); ">exploits. IMHO you should update the docs and explain why and how some<br></span><span class="Apple-style-span" style="font-family: arial, sans-serif; font-size: 13px; background-color: rgb(255, 255, 255); ">operations are subjected to race conditions.</span></blockquote>
<div><br></div><div> So a new function, say safe_copy(), tries to copy securely. If it can't, then an exception is raised. The user can then do something like:</div><div><br></div><div>try:</div><div> safe_copy(src, dst)</div>
<div>except Error:</div><div> logging.warning('Unsafe copy in progress')</div><div> copy2(src, dst)</div><div><br></div><div>My question now is whether there is really a need for this. The other option is, as Christian says, to document the problem and perhaps present an recipe for avoiding it.</div>
</div></div></div>