[Python-ideas] Implementation of shutil.move
Christian Heimes
lists at cheimes.de
Mon Aug 15 14:33:23 CEST 2011
Am 15.08.2011 14:17, schrieb Nick Coghlan:
> On Mon, Aug 15, 2011 at 9:42 PM, Devin Jeanpierre
> <jeanpierreda at gmail.com> wrote:
>> If it can't do things safely, it shouldn't do them at all.
>
> This pretty much sums up the reason why the standard lib is lacking in
> this area - it's hard to do anything more than the unsafe basics that
> isn't providing a *false* sense of security for at least some use
> cases. Good exploration of the possibilities, though.
I have to agree with Nick. The worst mistake we could make is to declare
something as secure although it is flawed.
Most people don't have to worry about race conditions when renaming a
file. The majority of Python apps aren't working in a hostile
environment (e.g. hostile users should not be able to modify
directories) or don't need more security than a shell script. Let's hope
that the few system level programs are written by professionals.
Another good thing is the fact that rename(2) already takes symlink
attacks into account. It doesn't follow symlinks newpath but replaces
the link instead.
Christian
More information about the Python-ideas
mailing list