[Python-checkins] cpython (merge 3.1 -> 3.2): merge 3.1
benjamin.peterson
python-checkins at python.org
Fri May 20 18:43:49 CEST 2011
http://hg.python.org/cpython/rev/a341694216fc
changeset: 70230:a341694216fc
branch: 3.2
parent: 70224:68dd623f77f4
parent: 70228:03164219fc47
user: Benjamin Peterson <benjamin at python.org>
date: Fri May 20 11:41:59 2011 -0500
summary:
merge 3.1
files:
Doc/library/os.rst | 21 ++++++++++++++++++++-
1 files changed, 20 insertions(+), 1 deletions(-)
diff --git a/Doc/library/os.rst b/Doc/library/os.rst
--- a/Doc/library/os.rst
+++ b/Doc/library/os.rst
@@ -895,7 +895,26 @@
Using :func:`access` to check if a user is authorized to e.g. open a file
before actually doing so using :func:`open` creates a security hole,
because the user might exploit the short time interval between checking
- and opening the file to manipulate it.
+ and opening the file to manipulate it. It's preferable to use :term:`EAFP`
+ techniques. For example::
+
+ if os.access("myfile", os.R_OK):
+ with open("myfile") as fp:
+ return fp.read()
+ return "some default data"
+
+ is better written as::
+
+ try:
+ fp = open("myfile")
+ except OSError as e:
+ if e.errno == errno.EACCESS:
+ return "some default data"
+ # Not a permission error.
+ raise
+ else:
+ with fp:
+ return fp.read()
.. note::
--
Repository URL: http://hg.python.org/cpython
More information about the Python-checkins
mailing list