[New-bugs-announce] [issue7412] distutils install race condition

Rene Dudfield report at bugs.python.org
Mon Nov 30 10:01:06 CET 2009

New submission from Rene Dudfield <illume at users.sourceforge.net>:


Pythons distutils has a race condition where it starts to copy files
into the python path whilst installing.

This is a race condition, since python programs can be importing the
package whilst the package is being installed.

It would be good for distutils to install things in an atomic manner.
Where things can be installed, or not installed. Like, on unix by moving
the files in from a temporary directory. This would also help reduce
breakages. Since if a package breaks half way installing a package then
the broken version will not over write the existing version.

It's not a very serious problem, since most people don't install things
on live important systems(but some do).  It does make hard to diagnose
problems though... which are good ones to fix.  Most packaging tools fix
the issues with the source installs (eg, using .deb installers).

I've only looked at the source install, but I imagine other install
methods might be affected too.  


Perhaps files should be created in the /tmp first, and then moved in.

/tmp/ can be in a different file system so a rename won't work in that
case on some OSes.  If you create the temp directory in the same
directory as the directory to install.  In that case rename doesn't
work, using the temp file system(eg /tmp) and then copying to a temp
directory in the site-packages directory, with finally a move into place.

If copying to the site-packages before moving, then there could be left
over temp files in the site-packages directory.  So these would need to
be considered, and cruft cleaned up.  This is why using the normal temp
directory would be better, since the temp files will be cleaned as
normal policy on the system.
setuptools/distribute writes the .egg-info at the end of the install. 
This should also use a move for install, for the same reasons.  However,
there might still be a separate race condition since that lives in a
different directory.  Since you can not atomically move two things at
once( I think? ) the .egg-info will continue to be a race condition,
unless both directories are moved into the same one.

Just as moving packages into place will make the installs more robust,
so will testing the packages before moving them into place.  Some way to
test the install before moving it into place would be good.  Or at least
trying to import the package in a sub process.  Taking advantage of the
test command could be an idea.  Test before moving into place would give
a better chance of good packages being used.  Import before moving into
place could also help.

assignee: tarek
components: Distutils
messages: 95833
nosy: illume, tarek
severity: normal
status: open
title: distutils install race condition
type: security

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list