Bugs item #1117601, was opened at 2005-02-07 00:57
Message generated for change (Comment added) made by sbennett
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1117601&group_id=5470
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Python Library
Group: Platform-specific
Status: Open
Resolution: None
Priority: 5
Submitted By: Stephen Bennett (sbennett)
Assigned to: Nobody/Anonymous (nobody)
Summary: os.path.exists returns false negatives in MAC environments.
Initial Comment:
In Mandatory Access Control environments (such as
SELinux), it's quite possible for stat to fail with
permission denied. In this case, os.path.exists will
return False incorrectly. The simple(ish) fix is to
check for an access denied error (which would indicate
present, but not readable) when using stat to check for
existence of files.
----------------------------------------------------------------------
>Comment By: Stephen Bennett (sbennett)
Date: 2005-05-31 12:56
Message:
Logged In: YES
user_id=817465
In the case of /etc/shadow/abc123, the stat will fail with
"Not a directory". However, attempting to stat /root/abc123
as a limited account will return permission denied unless
you have the search permission to the parent directory.
However, this is an issue with regular Unix permissions too
-- try to stat() a file that's inside a directory with 000
permissions.
One possible way around this is to attempt to get a listing
of the parent dir if the stat fails with permission denied
-- if it succeeds then the file exists but can't be statted;
if it fails then (at least for the purposes of the library
functions) if doesn't.
----------------------------------------------------------------------
Comment By: Josiah Carlson (josiahcarlson)
Date: 2005-05-31 07:09
Message:
Logged In: YES
user_id=341410
I believe Terry was curious about something like
os.path.exists("/etc/shadow/abc123") vs `ls -l
/etc/shadow/abc123`. If not, I know I am curious, and I
believe it may help with a corner case.
----------------------------------------------------------------------
Comment By: Stephen Bennett (sbennett)
Date: 2005-02-16 22:46
Message:
Logged In: YES
user_id=817465
As far as I know (at least for SELinux), permission denied
on stat() always means that the file exists, but getattr
isn't allowed. As for a reproducible test case, probably the
simplest example is a vanilla Fedora Core 3 system with
SELinux enabled and strict policy. From a regular user
account, call os.path.exists("/etc/shadow"). It will return
False even though the file exists. For comparison, an `ls -l
/etc/shadow` from the command line will simply print
'Permission Denied'.
----------------------------------------------------------------------
Comment By: Terry J. Reedy (tjreedy)
Date: 2005-02-16 20:26
Message:
Logged In: YES
user_id=593130
Does 'access denied' always mean 'present but not readable'
in every environment that gives such messages? I ask
because I have vague memories of wasting time trying to
get access to something that did not exist, because access
denied (or something like that) meant that I was denied
access even to info about whether it existed or not.
In any case, a reproducible example would help someone to
verify, fix, and write a test case for this if it is deemed to be
a fixable bug.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1117601&group_id=5470
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
