Antoine Pitrou wrote:
> Oh, and by the way, there can be a race condition between __pycache__ creation and deletion (if it fails the test).
You can check whether the directory would be created with the right user beforehand, and if not, don't create one at all. To exploit a race condition there, the attacker would have to be capable of either changing the owner of the parent directory or removing it and replacing it with a different one, and if he can do that, he can do whatever he wants anyway.

--
Greg
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
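One way to implement the check-before-create approach from the reply above, as an added example (not code from the thread or from CPython). It assumes "the right user" means the owner of the parent directory; the function name and its parameters are hypothetical. The parent is pinned by file descriptor so the ownership check and the mkdir apply to the same directory even if the path is replaced in between.

```python
import os
import stat
import tempfile


def create_pycache_if_owner_matches(parent, name="__pycache__", creator_uid=None):
    """Create parent/name only if it would end up owned by the parent's owner.

    Returns True if the directory exists afterwards with the expected owner,
    False if creation was skipped. Hypothetical helper for illustration.
    """
    if creator_uid is None:
        # A newly created directory is owned by the creating process's effective UID.
        creator_uid = os.geteuid()
    # Open the parent once; every later call goes through this descriptor,
    # not through the path, so a swapped path cannot change what we act on.
    fd = os.open(parent, os.O_RDONLY | os.O_DIRECTORY)
    try:
        if os.fstat(fd).st_uid != creator_uid:
            # The new directory would belong to a different user than the
            # parent: do not create one at all, so nothing needs deleting later.
            return False
        try:
            os.mkdir(name, mode=0o755, dir_fd=fd)
        except FileExistsError:
            pass  # already present; verified below
        # Confirm the entry is a real directory (not a symlink) with the right owner.
        child = os.stat(name, dir_fd=fd, follow_symlinks=False)
        return stat.S_ISDIR(child.st_mode) and child.st_uid == creator_uid
    finally:
        os.close(fd)


if __name__ == "__main__":
    # Constructed demo: a temporary directory owned by the current user.
    demo = tempfile.mkdtemp()
    print("same owner:", create_pycache_if_owner_matches(demo))
    # Simulate running as a different user than the parent's owner.
    other = tempfile.mkdtemp()
    print("other owner:", create_pycache_if_owner_matches(other, creator_uid=os.geteuid() + 1))
```
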