classification
Title: racecondition
Type: security Stage: resolved
Components: Build Versions: Python 2.7
process
Status: closed Resolution: not a bug
Dependencies: Superseder:
Assigned To: Nosy List: Dhiraj_Mishra, methane
Priority: normal Keywords:

Created on 2018-07-24 14:31 by Dhiraj_Mishra, last changed 2018-07-27 09:44 by methane. This issue is now closed.

Messages (2)
msg322305 - (view) Author: Dhiraj (Dhiraj_Mishra) * Date: 2018-07-24 14:31
File: /cpython/blob/master/Modules/posixmodule.c#L2657

#endif
        result = access(path->narrow, mode);
    Py_END_ALLOW_THREADS
    return_value = !result;
#endif

If an attacker could change anything along the path between the call `access()` and the files actually used, it may exploit the race condition or a time-of-check, time-of-use race condition

https://linux.die.net/man/2/access
msg322334 - (view) Author: Inada Naoki (methane) * (Python committer) Date: 2018-07-25 00:12
https://docs.python.org/3/library/os.html#os.access
It is already documented.  What's point of this issue?
History
Date User Action Args
2018-07-27 09:44:13methanesetstatus: open -> closed
resolution: not a bug
stage: resolved
2018-07-25 00:12:49methanesetnosy: + methane
messages: + msg322334
2018-07-24 14:31:37Dhiraj_Mishracreate