[Python-Dev] __pycache__ creation

[Greg Ewing]

Antoine Pitrou wrote:
> Oh, and by the way, there can be a race condition between __pycache__ 
> creation and deletion (if it fails the test)

You can check whether the directory would be created with
the right user beforehand, and if not, don't create one
at all.

To exploit a race condition there, the attacker would have
to be capable of either changing the owner of the parent
directory or removing it and replacing it with a different
one, and if he can do that, he can do whatever he wants
anyway.

-- 
Greg