Security implications of using open() on untrusted strings.

Jorgen Grahn grahn+nntp at snipabacken.se
Tue Nov 25 16:58:27 EST 2008


On Tue, 25 Nov 2008 20:40:57 +1300, Lawrence D'Oliveiro <ldo at geek-central.gen.new_zealand> wrote:
> Jorgen Grahn wrote:
>
>> Seems to me you simply want to know beforehand that the reading will
>> work.  But you can never check that!  You can stat(2) the file, or
>> open-and-close it -- and then a microsecond later, someone deletes the
>> file, or replaces it with another one, or write-protects it, or mounts
>> a file system on top of its directory, or drops a nuke over the city,
>> or ...
>
> Depends on what exactly you're trying to guard against. Your
> comments would apply, for example, to a set-uid program being run by a
> potentially hostile local user

Yeah, I know. I covered that in the part you snipped: "Nor seems the
'user' input come from some other user than the one your program is
running as, nor from some input source which the user cannot be held
responsible for."

/Jorgen

-- 
  // Jorgen Grahn <grahn@        Ph'nglui mglw'nafh Cthulhu
\X/     snipabacken.se>          R'lyeh wgah'nagl fhtagn!
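
The check-then-use window discussed in this message, as an added example that is not part of the original thread. The function names, file names and the `gap` callback (a constructed stand-in for whatever another process does between the two calls) are hypothetical.

```python
import os
import tempfile

def check_then_open(path, gap=lambda: None):
    """Racy: stat() the name, then open() the name as a separate step."""
    size = os.stat(path).st_size   # describes what the name pointed to *then*
    gap()                          # the window between check and use
    with open(path, "rb") as f:    # may be another file by now, or fail anyway
        return size, f.read()

def open_then_fstat(path, gap=lambda: None):
    """Open once; fstat() describes the same object the read uses."""
    gap()
    with open(path, "rb") as f:
        size = os.fstat(f.fileno()).st_size
        return size, f.read()

def demo():
    results = {}
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "input.txt")
        other = os.path.join(d, "other.txt")

        def reset():
            with open(target, "wb") as f:
                f.write(b"expected")            # constructed sample content

        def swap():                             # someone replaces the file
            with open(other, "wb") as f:
                f.write(b"something else entirely")
            os.replace(other, target)

        def delete():                           # someone deletes the file
            os.unlink(target)

        reset()
        results["racy_swap"] = check_then_open(target, swap)
        reset()
        results["open_first_swap"] = open_then_fstat(target, swap)
        reset()
        try:
            check_then_open(target, delete)
            results["racy_delete"] = "no error"
        except OSError as e:                    # the pre-check did not prevent this
            results["racy_delete"] = type(e).__name__
    return results

if __name__ == "__main__":
    print(demo())
```

In the racy variant the size reported by the check belongs to a file that was never read, and a deletion in the window still surfaces as an exception from open(), so the error handling is needed regardless of the pre-check.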


