os.access() under windows

[Tim Golden]

[apologies if this double-posts; my email server's playing up]

Martin v. Löwis wrote:
 > In a POSIX world, you need read permission on the directory.
 > In Windows, with the "bypass-traversal-check" privilege,
 > you only need read permission on the directory if you want
 > to list it, not to access a file in the directory. Is it
 > actually possible for GetFileAttributes to ever fail for
 > security reasons?

After a little experimentation I can confirm:

* R_OK: A process with bypass-traversal-check priv. enabled
doesn't need any access to intervening directories in order
to get the attributes of a file within them. This means that
our existing R_OK result is accurate for any file: if we can
get its attributes then you can open the file for reading.

* W_OK: If a user has *only* read permission on a file
(regardless of the intervening directories), we'll still return
True for a W_OK check, as long the file doesn't have its read-only
bit set. This means that it's possible for os.access to return True
for a W_OK check on a file which can't then be opened for, say,
appending.

* X_OK: No idea what we should do with this.

In short, no further fiddling with the existing GetFileAttributes
solution is likely to achieve anything useful. The way to go would
be to use an AccessCheck solution which mirrors the approach used
on *nix: we ask the OS to check for r/w/x and return whatever it
returns. The exact semantics of that (eg on directories) are o/s
dependent and you need to refer to the docs for more info.

I hope to make time in the next few days to put forward a patch
to implement this in posixmodule.c.

TJG