On Fri, Apr 29, 2011 at 09:52, Nick Coghlan <ncogh...@gmail.com> wrote:
> On Fri, Apr 29, 2011 at 4:26 PM, Eli Bendersky <eli...@gmail.com> wrote:
>>>> On Thu, Apr 28, 2011 at 04:20:06PM +0200, Éric Araujo wrote:
>>> The kind of race condition which can happen here is if an attacker
>>> creates "targetpath" between os.path.exists and os.unlink. Whether it
>>> is an exploitable flaw would need a detailed analysis, of course.
>>>
>>
>> Just out of curiosity, could you please elaborate on the potential
>> threat of this? If the "exists" condition is true, targetpath already
>> exists, so what use there is in overwriting it? If the condition is
>> false, unlink isn't executed, so no harm either. What am I missing?
>
> That's the "detailed analysis" part. What happens if other code
> deletes the path, and the unlink() call subsequently fails despite the
> successful exists() check? Hence why exception checking (as Nadeem
> posted) is typically the only right way to do things that access an
> external environment that supports multiple concurrent processes.
>

I completely understand this "other code/thread deletes the path
between exists() and unlink()" case - it indeed is a race condition
waiting to happen. What I didn't understand was Antoine's example of
"attacker creates targetpath between os.path.exists and os.unlink",
and was asking for a more detailed example, since I'm not really
experienced with security-oriented thinking.

Eli
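
The check-then-act pattern and the exception-checking alternative discussed in this thread, as an added example that is not code from the thread or from the Python source. The function names and the `between` hook are hypothetical; the hook stands in for another process acting in the window between `os.path.exists` and `os.unlink`, so both interleavings can be reproduced deterministically.

```python
import errno
import os
import tempfile


def remove_lbyl(path, between=lambda p: None):
    """Check-then-act, as in the thread. `between` is a hypothetical hook
    standing in for another process acting inside the race window."""
    found = os.path.exists(path)
    between(path)                 # the world can change here
    if found:
        os.unlink(path)           # raises if the path vanished meanwhile
    return found


def remove_eafp(path):
    """Exception checking: attempt the unlink, treat only ENOENT as benign."""
    try:
        os.unlink(path)
        return True
    except OSError as exc:
        if exc.errno != errno.ENOENT:
            raise                 # permission errors etc. still surface
        return False


def touch(path):
    with open(path, "w"):
        pass


def demo():
    """Run both interleavings in a temp dir; return what was observed."""
    seen = {}
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "targetpath")   # constructed sample path

        touch(target)             # case 1: deleted after the check passed
        try:
            remove_lbyl(target, between=os.unlink)
        except OSError as exc:
            seen["lbyl_deleted_race"] = exc.errno
        seen["eafp_on_missing"] = remove_eafp(target)

        # case 2: created after the check said "absent"
        seen["lbyl_created_race"] = remove_lbyl(target, between=touch)
        seen["left_behind"] = os.path.exists(target)
        seen["eafp_on_present"] = remove_eafp(target)
        seen["gone_after_eafp"] = not os.path.exists(target)
    return seen
```

In both cases the result of `exists()` is stale by the time it is used; the exception-checking version depends only on the state of the path at the moment `unlink()` runs.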