On 3/20/19, Anders Munch <a...@flonidan.dk> wrote:
>
> You are right, I must have mentally reversed the polarity of the delete
> argument. And I didn't realise that the access right on a file had the
> power to prevent itself from being removed from the folder that it's in. I
> thought the access flags were a property of the file itself and not the
> directory entry. Not sure how that works.

In POSIX, it's secure so long as we use a directory that doesn't grant write access to other users, or one that has the sticky bit set such as "/tmp". A directory that has the sticky bit set allows only root and the owner of the file to unlink the file.

In Windows, a user's default %TEMP% directory is only accessible by the user, SYSTEM, and Administrators. The only way others can delete a file there is if the file security is modified to allow it (possible for individual files, unlike POSIX). This works even with no access to the temp directory itself because users have SeChangeNotifyPrivilege, which bypasses traverse (execute) access checks.
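
Added example, not part of the original message or of CPython: a POSIX-only check of the directory condition described in the message above (no write access for other users, or the sticky bit set). The function name `unlink_protection` and the three test directories are constructed for illustration; the check reads mode bits only and assumes no ACLs are in play.

```python
import os
import stat
import tempfile


def unlink_protection(dirpath):
    """Classify who may unlink files in dirpath, from POSIX mode bits only.

    Returns 'private' (no group/other write access), 'sticky' (writable by
    others, but the sticky bit limits unlink to root, the file's owner and
    the directory's owner), or 'unsafe' (writable by others, no sticky bit).
    """
    mode = os.stat(dirpath).st_mode
    if not stat.S_ISDIR(mode):
        raise NotADirectoryError(dirpath)
    if not mode & (stat.S_IWGRP | stat.S_IWOTH):
        return "private"
    if mode & stat.S_ISVTX:
        return "sticky"
    return "unsafe"


def demo():
    """Build three constructed directories and classify each one."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for name, perms in (("private", 0o700),
                            ("sticky", 0o1777),
                            ("unsafe", 0o777)):
            path = os.path.join(base, name)
            os.mkdir(path)
            os.chmod(path, perms)  # chmod, because mkdir's mode is masked by umask
            results[name] = unlink_protection(path)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:8} -> {verdict}")
    tmp = tempfile.gettempdir()
    print(f"{tmp} -> {unlink_protection(tmp)}")
```
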