On Mon, 31 Mar 2008 14:52:50 +0200 Nico Golde <[EMAIL PROTECTED]> wrote: > * [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2008-01-27 20:32]: > > Completely predictable filenames and chmodding after creation open this up > > for symlink attack. > > I just had a look at this issue and can not confirm what you > said. Can you please come up with an exploit scenario? > > You are right, the directory names are predictable and there > is of course a race condition between if not os.path.exists > and the mkdir call. But if the name is a dangling symlink > mkdir will fail because the file already exist. > > Did you test this?
Ah, no, I did not. I just checked python's behaviour and it refused to create a directory on a symlink. I assumed that it would just follow the symlink like touch(1) does on files. I guess it is not exploitable, then. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]