Charles-François Natali added the comment: > Shouldn't you try to make the permission removal atomic? > Otherwise there's a window of opportunity to exploit the suid bit.
Actually there's already a race even without setuid bit: http://bugs.python.org/issue15100 All metadat should be set atomically. ---------- nosy: +neologix _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue17180> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
