bug [ 872769 ] os.access() documentation should stress race conditions

author: Georg Brandl <georg@python.org> 2005-07-17 21:10:11 (GMT)
committer: Georg Brandl <georg@python.org> 2005-07-17 21:10:11 (GMT)
commit: b37b8eca8856b0a034814f60fd34490d962c6dff (patch)
tree: 04ca14ffb142e0872ae9602179ee3075b9b7e71e /Doc/lib/libos.tex
parent: 75d5106bd0e026ce1bfe5026a62063ee198bc342 (diff)
download: cpython-b37b8eca8856b0a034814f60fd34490d962c6dff.zip
cpython-b37b8eca8856b0a034814f60fd34490d962c6dff.tar.gz
cpython-b37b8eca8856b0a034814f60fd34490d962c6dff.tar.bz2
1 files changed, 5 insertions, 0 deletions
diff --git a/Doc/lib/libos.tex b/Doc/lib/libos.tex
index 2fbe669..e5b5962 100644
--- a/Doc/lib/libos.tex
+++ b/Doc/lib/libos.tex
@@ -680,6 +680,11 @@ test permissions.  Return \constant{True} if access is allowed,
 \constant{False} if not.
 See the \UNIX{} man page \manpage{access}{2} for more information.
 Availability: Macintosh, \UNIX, Windows.
+
+\note{Using \function{access()} to check if a user is authorized to e.g.
+open a file before actually doing so using \function{open()} creates a 
+security hole, because the user might exploit the short time interval 
+between checking and opening the file to manipulate it.}
 \end{funcdesc}
 
 \begin{datadesc}{F_OK}
author	Georg Brandl <georg@python.org>	2005-07-17 21:10:11 (GMT)
committer	Georg Brandl <georg@python.org>	2005-07-17 21:10:11 (GMT)
commit	b37b8eca8856b0a034814f60fd34490d962c6dff (patch)
tree	04ca14ffb142e0872ae9602179ee3075b9b7e71e /Doc/lib/libos.tex
parent	75d5106bd0e026ce1bfe5026a62063ee198bc342 (diff)
download	cpython-b37b8eca8856b0a034814f60fd34490d962c6dff.zip cpython-b37b8eca8856b0a034814f60fd34490d962c6dff.tar.gz cpython-b37b8eca8856b0a034814f60fd34490d962c6dff.tar.bz2