[ python-Bugs-872769 ] os.access() documentation should stress race
conditions
SourceForge.net
noreply at sourceforge.net
Wed Jan 7 20:40:35 EST 2004
Bugs item #872769, was opened at 2004-01-07 17:40
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=872769&group_id=5470
Category: Documentation
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: seth arnold (setharnold)
Assigned to: Nobody/Anonymous (nobody)
Summary: os.access() documentation should stress race conditions
Initial Comment:
Every version of the documentation I've seen associated
with the os.access() function neglects to mention that
its use is almost always a security vulnerability.
For the versions of python that are still maintained,
I'd like to see the documentation for this function
expanded to include a paragraph very similar to the
warning given in my system's access(2) manpage:
Using access to check if a user is authorized to e.g.,
open a file before actually doing so using open(2)
creates a security hole, because the user might exploit
the short time interval between checking and opening
the file to manipulate it.
(This paragraph comes from a Debian system; if it is
more work to validate the license on this manpage for
including this paragraph here, I'd be happy to write
some new content under whatever license is required to
get a warning included.)
Of course, there are web-based documents derived from
the module's built-in documentation. It'd be keen if
whoever fixes this in the module could poke the website
document maintainer and ask them to regenerate the content.
Thanks!
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=872769&group_id=5470
More information about the Python-bugs-list
mailing list