Bugs item #872769, was opened at 2004-01-08 02:40
Message generated for change (Comment added) made by birkenfeld
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=872769&group_id=5470

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Documentation
Group: None
>Status: Closed
>Resolution: Fixed
Priority: 5
Submitted By: seth arnold (setharnold)
>Assigned to: Reinhold Birkenfeld (birkenfeld)
Summary: os.access() documentation should stress race conditions

Initial Comment:
Every version of the documentation I've seen associated
with the os.access() function neglects to mention that
its use is almost always a security vulnerability.

For the versions of Python that are still maintained,
I'd like to see the documentation for this function
expanded to include a paragraph very similar to the
warning given in my system's access(2) manpage:

Using access to check if a user is authorized to e.g.,
open a file before actually doing so using open(2)
creates a security hole, because the user might exploit
the short time interval between checking and opening
the file to manipulate it.

(This paragraph comes from a Debian system; if it is
more work to validate the license on this manpage for
including this paragraph here, I'd be happy to write
some new content under whatever license is required to
get a warning included.)

Of course, there are web-based documents derived from
the module's built-in documentation. It'd be keen if
whoever fixes this in the module could poke the website
document maintainer and ask them to regenerate the content.

Thanks!

----------------------------------------------------------------------

>Comment By: Reinhold Birkenfeld (birkenfeld)
Date: 2005-07-17 23:10

Message:

Thanks for the suggestion. Committed as Doc/lib/libos.tex
r1.163, r1.146.2.9.

----------------------------------------------------------------------
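
The check-then-open window described in the report, shown deterministically. This is an added example, not part of the original thread or of the committed documentation change. The `window` hook, the function names and the file names are hypothetical, and the files are constructed in a temporary directory.

```python
import os
import stat
import tempfile

def read_after_access_check(path, window=lambda: None):
    """Pattern from the report: access() check, then a separate open()."""
    if not os.access(path, os.R_OK):
        raise PermissionError(path)
    window()  # hypothetical hook: stands in for another process acting here
    with open(path, "rb") as f:   # may no longer be the file that was checked
        return f.read()

def read_without_precheck(path):
    """Open first, then decide using the descriptor, never the path."""
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC
    fd = os.open(path, flags)     # the kernel checks permission at open time
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise PermissionError(f"{path}: not a regular file")
        return os.read(fd, 4096)
    finally:
        os.close(fd)

def demo():
    """Constructed files in a temp dir; returns (leaked, normal, blocked)."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "report.txt")
        private = os.path.join(d, "private.txt")
        with open(target, "wb") as f:
            f.write(b"public")
        with open(private, "wb") as f:
            f.write(b"private")

        def swap():  # re-point the checked name at a different file
            os.remove(target)
            os.symlink(private, target)

        normal = read_without_precheck(target)
        leaked = read_after_access_check(target, window=swap)
        try:
            read_without_precheck(target)
            blocked = False
        except OSError:           # ELOOP: final component is a symlink
            blocked = True
        return leaked, normal, blocked

if __name__ == "__main__":
    print(demo())
```

`O_NOFOLLOW` only covers the final path component. In a setuid program the open itself must also run with the caller's identity, since the kernel's permission check at open time is the only one bound to the file actually opened.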
