[Python-Dev] __pycache__ creation

Greg Ewing greg.ewing at canterbury.ac.nz
Tue Mar 23 01:23:41 CET 2010


Antoine Pitrou wrote:

> Oh, and by the way, there can be a race condition between __pycache__ creation and deletion (if it fails the test)

You can check whether the directory would be created with the right user beforehand, and if not, don't create one at all.

To exploit a race condition there, the attacker would have to be capable of either changing the owner of the parent directory or removing it and replacing it with a different one, and if he can do that, he can do whatever he wants anyway.

-- Greg
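The check-before-create approach described in this message, as an added example that is not code from the thread or from CPython. It assumes a POSIX system, takes "the right user" to mean the process's effective uid matching the parent directory's owner, and uses a hypothetical function name `create_pycache`; the parent is pinned by file descriptor so the ownership check and the `mkdir` act on the same directory.

```python
import os
import stat


def create_pycache(parent, expected_uid=None):
    """Create parent/__pycache__ only if parent has the expected owner.

    Returns the path of the directory, or None when the check fails,
    in which case nothing is created.
    """
    if expected_uid is None:
        # Assumption: a new directory is owned by our effective uid, so the
        # "right user" is the one that already owns the parent.
        expected_uid = os.geteuid()

    # Hold a descriptor on the parent. If the path is later renamed or
    # replaced, the descriptor still refers to the directory we checked.
    fd = os.open(parent, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        if os.fstat(fd).st_uid != expected_uid:
            return None  # wrong owner: don't create one at all

        try:
            # Created relative to the checked descriptor, not the path,
            # so there is no window between the check and the creation.
            os.mkdir("__pycache__", mode=0o755, dir_fd=fd)
        except FileExistsError:
            # Something is already there: accept it only if it is a real
            # directory (not a symlink) with the same expected owner.
            st = os.stat("__pycache__", dir_fd=fd, follow_symlinks=False)
            if not stat.S_ISDIR(st.st_mode) or st.st_uid != expected_uid:
                return None
        return os.path.join(parent, "__pycache__")
    finally:
        os.close(fd)
```

Because nothing is created when the check fails, there is no create-then-delete step left to race against.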


