
Title: os.access() documentation should stress race conditions
Components: Documentation
Status: closed
Resolution: fixed
Assigned To: georg.brandl
Nosy List: georg.brandl, setharnold
Priority: normal

Created on 2004-01-08 01:40 by setharnold, last changed 2022-04-11 14:56 by admin. This issue is now closed.

Messages (2)
msg19579 - Author: seth arnold (setharnold) Date: 2004-01-08 01:40
Every version of the documentation I've seen associated
with the os.access() function neglects to mention that
its use is almost always a security vulnerability.

For the versions of python that are still maintained,
I'd like to see the documentation for this function
expanded to include a paragraph very similar to the
warning given in my system's access(2) manpage:

Using access to check if a user is authorized to e.g.,
open a file before actually doing so using open(2)
creates a security hole, because the user might exploit
the short time interval between checking and opening
the file to manipulate it.

(This paragraph comes from a Debian system; if it is
more work to validate the license on this manpage for
including this paragraph here, I'd be happy to write
some new content under whatever license is required to
get a warning included.)

Of course, there are web-based documents derived from
the module's built-in documentation. It'd be keen if
whoever fixes this in the module could poke the website
document maintainer and ask them to regenerate the content.

Thanks!
msg19580 - Author: Georg Brandl (georg.brandl) * (Python committer) Date: 2005-07-17 21:10
Thanks for the suggestion. Committed as Doc/lib/libos.tex
r1.163, r1.146.2.9.
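
The race described in the first message, as an added example that is not part of the original report or of the Python documentation: read_checked is the access-then-open pattern, read_direct opens first and makes its checks on the descriptor. The function names, the gap hook and the file names are constructed for illustration; POSIX is assumed for O_NOFOLLOW and symlinks.

```python
import os
import stat
import tempfile

def read_checked(path, gap=lambda: None):
    """The pattern the report warns about: os.access(), then open()."""
    if not os.access(path, os.R_OK):
        raise PermissionError(path)
    gap()  # stands in for another process acting between check and open
    with open(path, "rb") as f:
        return f.read()  # reads whatever the name refers to *now*

def read_direct(path):
    """Open first; the kernel checks permission as part of the open itself.
    Further checks use the descriptor, so they describe the opened object."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # refuse a final symlink
    with os.fdopen(fd, "rb") as f:
        if not stat.S_ISREG(os.fstat(f.fileno()).st_mode):
            raise PermissionError(f"{path}: not a regular file")
        return f.read()

def demo():
    """Constructed scenario: report.txt is swapped for a link to other.txt."""
    with tempfile.TemporaryDirectory() as d:
        report = os.path.join(d, "report.txt")
        other = os.path.join(d, "other.txt")
        with open(report, "wb") as f:
            f.write(b"public")
        with open(other, "wb") as f:
            f.write(b"private")

        def swap():
            os.remove(report)
            os.symlink(other, report)

        before = read_direct(report)         # plain file: read normally
        leaked = read_checked(report, swap)  # check saw report, open saw other
        try:
            read_direct(report)              # path is now a symlink
            refused = False
        except OSError:
            refused = True
        return before, leaked, refused

if __name__ == "__main__":
    print(demo())
```

The answer os.access() gives is about the name at the moment of the call; only a check made on the open descriptor is tied to the data that is actually read.
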
History
Date                 User        Action  Args
2022-04-11 14:56:02  admin       set     github: 39783
2004-01-08 01:40:35  setharnold  create