Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #99885

Re: how to make the below code look better

From Chris Angelico <rosuav@gmail.com>
Newsgroups comp.lang.python
Subject Re: how to make the below code look better
Date 2015-12-03 00:49 +1100
Message-ID <mailman.129.1449064154.14615.python-list@python.org> (permalink)
References <mailman.120.1449058284.14615.python-list@python.org> <565ef1eb$0$1604$c3e8da3$5496439d@news.astraweb.com>

Show all headers | View raw

On Thu, Dec 3, 2015 at 12:28 AM, Steven D'Aprano <steve@pearwood.info> wrote:
>> if not os.path.ismount("/tmp"):
>>            sys.exit("/tmp not mounted.")
>
> This is good enough for quick and dirty scripts, but this is vulnerable to a
> race condition. It may be that /tmp is mounted *now*, but a millisecond
> later (before you can use it) another process unmounts it.
>
> This is called a "time of check to time of use" bug:
>
> https://cwe.mitre.org/data/definitions/367.html
>
> https://www.owasp.org/index.php/Time_of_check,_time_of_use_race_condition
>
> https://en.wikipedia.org/wiki/Time_of_check_to_time_of_use
>
> and can be a serious software vulnerability.
>
> If this code is only being used under trusted conditions, then it is
> probably okay, otherwise you should reconsider your strategy.
>
> (Besides, how often do you unmount /tmp?)
>

Possibly it's not worried about *un*mounting of /tmp, but about being
run prior to /tmp being mounted for the first time. If that's the
case, the check/use difference won't matter - worst case, the program
errors out even though the mount was almost completed.

ChrisA

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

how to make the below code look better Ganesh Pal <ganesh1pal@gmail.com> - 2015-12-02 17:41 +0530
  Re: how to make the below code look better BartC <bc@freeuk.com> - 2015-12-02 12:20 +0000
    Re: how to make the below code look better Chris Angelico <rosuav@gmail.com> - 2015-12-02 23:31 +1100
  Re: how to make the below code look better Steven D'Aprano <steve@pearwood.info> - 2015-12-03 00:28 +1100
    Re: how to make the below code look better Chris Angelico <rosuav@gmail.com> - 2015-12-03 00:49 +1100
  Re: how to make the below code look better me <self@example.org> - 2015-12-02 15:23 +0000

csiph-web