14.05.19 19:50, Steven D'Aprano wrote:
On Tue, May 14, 2019 at 02:43:03PM +0300, Serhiy Storchaka wrote:
Sorry, but I do not understand what problem you are trying to solve. If
somebody can create a file named link_name between unlink and symlink,
he can also remove and create a file named link_name after symlink.

I don't think that is always correct, although I don't know if it makes
a difference to your point or to the risk of this (supposed) race
condition.

On POSIX systems, you should be able to use chattr +i to make the file
immutable, so that the attacker cannot remove or replace it. Normally
only root has the ability to do this, but other users can be granted
that capability. (I'm not sure how easy it is to call chattr from
Python.)

There may also be SELinux controls in place. I don't use SELinux myself
so I don't know what precisely.

This looks like too marginal a case for including it in the stdlib. Python does not provide an API for "chattr +i", so you should use a subprocess for creating an immutable temporary symlink before replacing the target. It would not be easy to test this feature because you need to grant specific capabilities to the Python interpreter.

This may be an interesting project on PyPI, but I do not think that we need to include it in the stdlib, because of little need and because of the complex, error-prone implementation.

_______________________________________________
Python-ideas mailing list
Python-ideas@python.org
https://mail.python.org/mailman/listinfo/python-ideas
Code of Conduct: http://python.org/psf/codeofconduct/
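
An added example, not part of the thread and not a standard-library API: one way to replace a symlink without the unlink/symlink window discussed above is to create the new link under a temporary name in the same directory and rename it over `link_name`. The names `replace_symlink` and `demo` are hypothetical, and the sketch does not address tampering after the replacement or the `chattr +i` idea.

```python
import os
import secrets
import tempfile


def replace_symlink(target, link_name, attempts=100):
    """Point link_name at target with no moment where link_name is missing."""
    directory = os.path.dirname(os.path.abspath(link_name))
    for _ in range(attempts):
        # Unpredictable name in the same directory, so the rename below
        # stays on one filesystem and cannot be pre-created by guessing.
        tmp = os.path.join(directory, ".tmp-link-" + secrets.token_hex(8))
        try:
            os.symlink(target, tmp)  # never overwrites: raises if tmp exists
        except FileExistsError:
            continue  # name collision, try another
        try:
            # rename(2) semantics: atomic on POSIX, and it replaces the link
            # itself rather than following it.
            os.replace(tmp, link_name)
        except BaseException:
            os.unlink(tmp)  # do not leave the temporary link behind
            raise
        return
    raise FileExistsError("no unused temporary link name found")


def demo():
    """Constructed scenario: repoint 'current' from old.txt to new.txt."""
    with tempfile.TemporaryDirectory() as d:
        old = os.path.join(d, "old.txt")
        new = os.path.join(d, "new.txt")
        for path in (old, new):
            with open(path, "w") as fh:
                fh.write(os.path.basename(path))
        link = os.path.join(d, "current")
        os.symlink(old, link)
        replace_symlink(new, link)
        return os.readlink(link) == new, sorted(os.listdir(d))


if __name__ == "__main__":
    print(demo())
```

If `link_name` is an existing real directory, `os.replace` raises and the temporary link is cleaned up.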