On Nov 23, 3:56 pm, [EMAIL PROTECTED] (Brandon S. Allbery KF8NH) wrote:
> I think you're seeing something other than what we are. Checking any
> external resource before operating on it introduces a race condition
> which can allow an attacker to swap resources on you, so the item you
> (in this case) chown() isn't the one you tested.
If the "chown" is restricted then it's going to fail anyway, assuming that the underlying Unix function fails. If "chown" can succeed incorrectly then there's nothing that P6 can do to prevent that. My only reason for mentioning the "is restricted" check (or, indeed, knowing that it existed) is that the existing S16 suggested using it. I completely agree that returning a failure object is a better approach -- which is why that is what I changed the Synopsis to say.
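The race Brandon describes, shown against the underlying Unix calls rather than Perl 6's chown. This is an added example, not code from the thread or from the Synopsis; the `race_window` hook is a hypothetical stand-in for whatever the attacker does between your check and your chown (a real attacker simply races you). Owner/group arguments of -1 leave ownership unchanged, so it runs unprivileged, and the files and the symlink swap are constructed inline.

```python
import errno
import os
import stat
import tempfile


def check_then_chown(path, uid, gid, race_window=None):
    """Check-then-use: test the *name*, then operate on the *name*.
    Whatever the name resolves to at chown(2) time is what gets chowned,
    which need not be what lstat() looked at a moment earlier."""
    checked = os.lstat(path)
    if not stat.S_ISREG(checked.st_mode):
        raise ValueError("refusing: not a regular file")
    if race_window:
        race_window()               # attacker swaps the name out here
    os.chown(path, uid, gid)        # chown(2) follows symlinks
    acted_on = os.stat(path).st_ino # what the chown actually landed on
    return checked.st_ino, acted_on


def chown_via_descriptor(path, uid, gid, race_window=None):
    """Bind to the object first, then check and operate on that object.
    O_NOFOLLOW makes a symlink planted before open() fail (ELOOP on Linux,
    EMLINK on some BSDs) instead of being followed; fstat()/fchown() act on
    the descriptor, so a swap after open() cannot redirect them."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        checked = os.fstat(fd)
        if not stat.S_ISREG(checked.st_mode):
            raise ValueError("refusing: not a regular file")
        if race_window:
            race_window()           # same window, but we hold the fd
        os.fchown(fd, uid, gid)
        return checked.st_ino, os.fstat(fd).st_ino
    finally:
        os.close(fd)


def demo():
    """Constructed scenario: `target` is the file we intend to chown, `victim`
    is the file the attacker wants chowned. Returns three booleans:
    (vulnerable version hit victim, fd version stayed on target,
     fd version refused a pre-planted symlink)."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "target")
        victim = os.path.join(d, "victim")
        for p in (target, victim):
            with open(p, "w"):
                pass
        victim_ino = os.stat(victim).st_ino

        def swap():
            # attacker replaces the checked name with a symlink to the victim
            os.unlink(target)
            os.symlink(victim, target)

        # 1. check-then-use: the check passed on target, the chown hit victim
        checked, acted = check_then_chown(target, -1, -1, race_window=swap)
        vulnerable_hit_victim = checked != acted and acted == victim_ino

        # put a fresh regular file back and repeat with the descriptor version
        os.unlink(target)
        with open(target, "w"):
            pass
        checked, acted = chown_via_descriptor(target, -1, -1, race_window=swap)
        safe_stayed_on_target = checked == acted and acted != victim_ino

        # 2. swap() above left target as a symlink: O_NOFOLLOW refuses it
        try:
            chown_via_descriptor(target, -1, -1)
            refused = False
        except OSError as e:
            refused = e.errno in (errno.ELOOP, errno.EMLINK)

        return vulnerable_hit_victim, safe_stayed_on_target, refused


if __name__ == "__main__":
    print(demo())
```

The point for the Synopsis discussion: a pre-check on the name ("is restricted", lstat, whatever) cannot be made safe, because the kernel resolves the name again at chown time. Either operate on a descriptor you already hold, or just attempt the operation and report the failure, which is what returning a failure object does.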