Path: csiph.com!fu-berlin.de!uni-berlin.de!not-for-mail From: Chris Angelico Newsgroups: comp.lang.python Subject: Re: how to make the below code look better Date: Thu, 3 Dec 2015 00:49:10 +1100 Lines: 30 Message-ID: References: <565ef1eb$0$1604$c3e8da3$5496439d@news.astraweb.com> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 X-Trace: news.uni-berlin.de dD1JdUreaxjNohrUGmoruQL9Eepy6ssrtr8isExII7hQ== Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.101 X-Spam-Level: * X-Spam-Evidence: '*H*': 0.80; '*S*': 0.00; 'subject:code': 0.07; 'cc:addr:python-list': 0.09; 'scripts,': 0.09; 'thu,': 0.15; '(before': 0.16; 'bug:': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'received:io': 0.16; 'received:psf.io': 0.16; 'subject:make': 0.16; 'worst': 0.16; 'wrote:': 0.16; 'later': 0.16; '2015': 0.20; 'cc:2**0': 0.20; 'cc:addr:python.org': 0.20; 'am,': 0.23; 'dec': 0.23; 'errors': 0.23; 'header:In-Reply-To:1': 0.24; 'message-id:@mail.gmail.com': 0.27; 'url:wikipedia': 0.29; 'url:wiki': 0.30; 'code': 0.30; 'probably': 0.31; 'another': 0.32; 'possibly': 0.32; 'run': 0.33; "d'aprano": 0.33; 'steven': 0.33; 'case,': 0.34; 'received:google.com': 0.35; 'but': 0.36; 'should': 0.36; 'url:org': 0.36; 'received:209.85': 0.36; 'subject:: ': 0.37; 'being': 0.37; 'received:209.85.213': 0.37; 'difference': 0.38; "won't": 0.38; 'received:209': 0.38; 'skip:o 20': 0.38; 'url:en': 0.39; 'subject:the': 0.39; 'enough': 0.39; 'called': 0.40; 'software': 0.40; 'your': 0.60; 'matter': 0.63; 'trusted': 0.64; 'url:index': 0.67; 'race': 0.72; 'chrisa': 0.84; 'conditions,': 0.84; 'strategy.': 0.84; 'subject:below': 0.84; 'vulnerable': 0.84; 'worried': 0.84; 'url:php': 0.86; 'to:none': 0.91; 'use"': 0.91; 'dirty': 0.93; 'serious': 0.97 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:cc :content-type; bh=I1DsbPa+4ccJr3ZKYxF0F9HmUUcvPnZeeLfhksTRHjI=; b=fH9tV8x3MgC60L11X0264Pyk1Dc29mQImukadkb/CHpEJDkDDbrohxyPAnR9OnuNVs 2lcVrWqy/DYqTYjwBQ3px4U8LCYvR5zNA/mmI+/KW6lo7651ARkC79zp45r98YDJZVzO TgjS90axGk9KVkzjgEVlMVugxgrN87vQZ2yCIG3hCfoSKl+88Ri1na4bylZQtQ5Ug1Is XEQzHus6qWdGkj4imBosfWRTMZThnfsNiIaoZ/VCMv+Dv9OdCsuzFLKmN0Gn4VXJv7Yr xuZCS06lDpE4V+86GoCxQ+UlK7jnXa52Vh4UMkcE8e8xzV35MVHpv9D1F62nT+2iMsb6 JUNw== X-Received: by 10.50.30.6 with SMTP id o6mr34330202igh.94.1449064150891; Wed, 02 Dec 2015 05:49:10 -0800 (PST) In-Reply-To: <565ef1eb$0$1604$c3e8da3$5496439d@news.astraweb.com> X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.20+ Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Xref: csiph.com comp.lang.python:99885 On Thu, Dec 3, 2015 at 12:28 AM, Steven D'Aprano wrote: >> if not os.path.ismount("/tmp"): >> sys.exit("/tmp not mounted.") > > This is good enough for quick and dirty scripts, but this is vulnerable to a > race condition. It may be that /tmp is mounted *now*, but a millisecond > later (before you can use it) another process unmounts it. > > This is called a "time of check to time of use" bug: > > https://cwe.mitre.org/data/definitions/367.html > > https://www.owasp.org/index.php/Time_of_check,_time_of_use_race_condition > > https://en.wikipedia.org/wiki/Time_of_check_to_time_of_use > > and can be a serious software vulnerability. > > If this code is only being used under trusted conditions, then it is > probably okay, otherwise you should reconsider your strategy. > > (Besides, how often do you unmount /tmp?) > Possibly it's not worried about *un*mounting of /tmp, but about being run prior to /tmp being mounted for the first time. If that's the case, the check/use difference won't matter - worst case, the program errors out even though the mount was almost completed. ChrisA