[Tutor] os.access unreliable?
Steven D'Aprano
steve at pearwood.info
Wed Aug 25 12:15:26 CEST 2010
On Wed, 25 Aug 2010 06:28:47 pm Albert-Jan Roskam wrote:
> Hi,
>
> Hi I'm using os.access to do a preliminary check to see if I have RW
> access, but it seems to be unreliable. In a dir for which I have only
> read access, os.access also says I have write access. This is under
> Windows 2000. I could of course use a try-except and catch the
> IOError, but I'd like to know why the code below isn;t working.
As a general rule you need to use a try...except block anyway, otherwise
your code is vulnerable to race conditions.
In a multi-tasking operating system (like just about all OSes these
days, including Windows) there is no guarantee that just because you
had permission to read the file now you will still have it in a
millisecond when you try to open it. Or even that the file will still
exist.
If you're writing a quick script for dealing with files, you can get
away with taking the risk. But for more serious applications, there is
no getting away from try...except.
In this case, the Fine Manual specifically warns that relying on
os.access opens a potential security vulnerability:
http://docs.python.org/library/os.html#os.access
It also warns that os.access doesn't take into account network file
sharing permissions.
--
Steven D'Aprano
More information about the Tutor
mailing list