On Thu, 28 Apr 2011 22:44:50 +0800 Senthil Kumaran email@example.com wrote:
On Thu, Apr 28, 2011 at 04:20:06PM +0200, Éric Araujo wrote:
if hasattr(os, "symlink") and hasattr(os, "link"):
    # For systems that support symbolic and hard links.
    if tarinfo.issym():
Is there a race condition here?
The lock to avoid race conditions (if you were thinking along those lines) would usually be implemented at the higher level code which is using extractall in threads.
A lock would only protect against multi-threaded use of the tarfile module, which is probably quite rare and therefore not a real concern. The kind of race condition which can happen here is if an attacker creates "targetpath" between os.path.exists and os.unlink. Whether it is an exploitable flaw would need a detailed analysis, of course.
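
The check-then-unlink pattern discussed in this thread, beside a form with no gap between check and use on the final path component. This is an added example, not part of the original messages or of tarfile's code. The function names and the `window` test hook are hypothetical, and POSIX rename semantics are assumed.

```python
import os
import secrets
import tempfile

def racy_symlink(linkname, targetpath, window=None):
    """Check-then-act, as in the thread. `window` is a test hook (assumption)
    standing in for another process that runs between check and use."""
    present = os.path.exists(targetpath)   # False for a dangling symlink too
    if window:
        window()
    if present:
        os.unlink(targetpath)              # FileNotFoundError if it vanished
    os.symlink(linkname, targetpath)       # FileExistsError if it appeared

def atomic_symlink(linkname, targetpath):
    """Create the link under a private name, then rename it into place."""
    directory = os.path.dirname(targetpath) or "."
    while True:
        tmp = os.path.join(directory, ".tmp-" + secrets.token_hex(8))
        try:
            os.symlink(linkname, tmp)      # exclusive create, never follows tmp
            break
        except FileExistsError:
            continue                       # name collision: pick another
    try:
        os.replace(tmp, targetpath)        # rename(2): atomic, no exists() check
    except OSError:
        os.unlink(tmp)                     # e.g. targetpath is a directory
        raise

def demo():
    """Run both forms in a scratch directory; return what each one did."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "link")
        try:
            # Constructed scenario: the path appears right after the check.
            racy_symlink("a.txt", path, window=lambda: open(path, "w").close())
            racy = "ok"
        except FileExistsError:
            racy = "FileExistsError"
        atomic_symlink("a.txt", path)      # replaces the file that appeared
        return racy, os.readlink(path), os.listdir(d)

if __name__ == "__main__":
    print(demo())
```

The rename-based form removes only the gap between the check and the unlink; it still trusts the parent directories of `targetpath`.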