[Python-Dev] [Python-checkins] cpython (2.7): Fix closes issue10761: tarfile.extractall failure when symlinked files are

Eli Bendersky eliben at gmail.com
Fri Apr 29 10:02:51 CEST 2011


On Fri, Apr 29, 2011 at 09:52, Nick Coghlan <ncoghlan at gmail.com> wrote:
> On Fri, Apr 29, 2011 at 4:26 PM, Eli Bendersky <eliben at gmail.com> wrote:
>>>> On Thu, Apr 28, 2011 at 04:20:06PM +0200, Éric Araujo wrote:
>>> The kind of race condition which can happen here is if an attacker
>>> creates "targetpath" between os.path.exists and os.unlink. Whether it
>>> is an exploitable flaw would need a detailed analysis, of course.
>>>
>>
>> Just out of curiosity, could you please elaborate on the potential
>> threat of this? If the "exists" condition is true, targetpath already
>> exists, so what use is there in overwriting it? If the condition is
>> false, unlink isn't executed, so no harm either. What am I missing?
>
> That's the "detailed analysis" part. What happens if other code
> deletes the path, and the unlink() call subsequently fails despite the
> successful exists() check? Hence why exception checking (as Nadeem
> posted) is typically the only right way to do things that access an
> external environment that supports multiple concurrent processes.
>

I completely understand this "other code/thread deletes the path
between exists() and unlink()" case - it indeed is a race condition
waiting to happen. What I didn't understand was Antoine's example of
"attacker creates targetpath between os.path.exists and os.unlink",
and was asking for a more detailed example, since I'm not really
experienced with security-oriented thinking.

Eli
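
The deletion race described in the quoted reply, made deterministic, as an added example that is not part of the original thread or of the tarfile change: the `between` hook is a hypothetical stand-in for another process running in the window between the check and the unlink, and the targets are constructed temporary files.

```python
import errno
import os
import tempfile


def unlink_check_then_act(path, between=None):
    """Check-then-act pattern from the thread: exists() followed by unlink().

    `between` (hypothetical hook) runs inside the race window.
    """
    if os.path.exists(path):
        if between is not None:
            between(path)  # concurrent actor wins the race here
        os.unlink(path)    # fails if the path vanished after the check
        return True
    return False


def unlink_eafp(path, between=None):
    """Exception-checking pattern: unlink and treat ENOENT as 'already gone'."""
    if between is not None:
        between(path)  # concurrent actor runs just before our unlink
    try:
        os.unlink(path)
    except OSError as exc:
        if exc.errno != errno.ENOENT:
            raise  # permission errors and the like are still real failures
        return False
    return True


def demo():
    """Run both variants while a simulated concurrent deleter removes the file."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, fn in (("check_then_act", unlink_check_then_act),
                         ("eafp", unlink_eafp)):
            target = os.path.join(d, name)  # constructed sample file
            open(target, "w").close()
            try:
                results[name] = fn(target, between=os.unlink)
            except OSError as exc:
                results[name] = errno.errorcode[exc.errno]
    return results


if __name__ == "__main__":
    print(demo())
```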

