[issue34209] racecondition
Dhiraj
report at bugs.python.org
Tue Jul 24 10:31:37 EDT 2018
New submission from Dhiraj <mishra.dhiraj95 at gmail.com>:
File: /cpython/blob/master/Modules/posixmodule.c#L2657
#endif
result = access(path->narrow, mode);
Py_END_ALLOW_THREADS
return_value = !result;
#endif
If an attacker could change anything along the path between the call `access()` and the files actually used, it may exploit the race condition or a time-of-check, time-of-use race condition
https://linux.die.net/man/2/access
----------
components: Build
messages: 322305
nosy: Dhiraj_Mishra
priority: normal
severity: normal
status: open
title: racecondition
type: security
versions: Python 2.7
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue34209>
_______________________________________
More information about the Python-bugs-list
mailing list