[Python-Dev] FWD: Python execvpe symlink race condition.

[Zack Weinberg]

Aahz <aahz@pythoncraft.com> writes:

> Not sure what to do about this, but I don't have the time to check into
> it.
...

>> os.py at def _execvpe(file, args, env=None):
>> ********************************************
>>            import tempfile
>>            t = tempfile.mktemp()
>>            # Exec a file that is guaranteed not to exist
>>            try: execv(t, ('blah',))
>>            except error, _notfound: pass
>> 
>> It is possible, to create a link of the file to be executed (t) in the 
>> limited time window between the statements
>> os.path.exists(file) in tempfile.py and execv(t, ('blah',)) in os.py are 
>> executed.

That is exactly the signature of one of the tempfile bugs that I
fixed.  I do not know whether any official 2.2.x release has yet
occurred that includes the bugfix.

zw