New submission from Rene Dudfield <ill...@users.sourceforge.net>:

hello!

Python's distutils has a race condition where it starts to copy files into the python path whilst installing. This is a race condition, since python programs can be importing the package whilst the package is being installed.

It would be good for distutils to install things in an atomic manner. Where things can be installed, or not installed. Like, on Unix by moving the files in from a temporary directory.

This would also help reduce breakages. Since if a package breaks halfway installing a package then the broken version will not overwrite the existing version.

It's not a very serious problem, since most people don't install things on live important systems (but some do). It does make hard-to-diagnose problems though... which are good ones to fix.

Most packaging tools fix the issues with the source installs (e.g., using .deb installers). I've only looked at the source install, but I imagine other install methods might be affected too.

os.rename
mkdtemp
http://docs.python.org/library/tempfile.html#tempfile.mkdtemp

Perhaps files should be created in the /tmp first, and then moved in. /tmp/ can be in a different file system so a rename won't work in that case on some OSes.

If you create the temp directory in the same directory as the directory to install. In that case rename doesn't work, using the temp file system (e.g. /tmp) and then copying to a temp directory in the site-packages directory, with finally a move into place.

If copying to the site-packages before moving, then there could be leftover temp files in the site-packages directory. So these would need to be considered, and cruft cleaned up. This is why using the normal temp directory would be better, since the temp files will be cleaned as normal policy on the system.

setuptools/distribute writes the .egg-info at the end of the install. This should also use a move for install, for the same reasons. However, there might still be a separate race condition since that lives in a different directory. Since you cannot atomically move two things at once (I think?) the .egg-info will continue to be a race condition, unless both directories are moved into the same one.

Just as moving packages into place will make the installs more robust, so will testing the packages before moving them into place.

Some way to test the install before moving it into place would be good. Or at least trying to import the package in a subprocess. Taking advantage of the test command could be an idea. Test before moving into place would give a better chance of good packages being used. Import before moving into place could also help.

----------
assignee: tarek
components: Distutils
messages: 95833
nosy: illume, tarek
severity: normal
status: open
title: distutils install race condition
type: security

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue7412>
_______________________________________
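
The staging-and-rename approach proposed in the report above, sketched as an added example that is not part of the original message or of distutils; atomic_install and its verify hook are hypothetical names. It stages in the destination's parent directory so that os.rename stays on one filesystem, and lets a check run before the move.

```python
import os
import shutil
import tempfile


def atomic_install(src_dir, dest_dir, verify=None):
    """Copy src_dir to dest_dir via a staging directory and a rename.

    atomic_install and verify are hypothetical names, not distutils API.
    Returns the final path. On any failure the existing dest_dir is left
    as it was and the staging directory is removed.
    """
    dest_dir = os.path.abspath(dest_dir)
    parent = os.path.dirname(dest_dir)
    # Stage next to the destination, not in /tmp: os.rename() cannot cross
    # filesystems, so the staging directory must share one with dest_dir.
    staging = tempfile.mkdtemp(prefix=".install-", dir=parent)
    try:
        staged = os.path.join(staging, "new")
        # The slow copy happens where no importer looks.
        shutil.copytree(src_dir, staged)
        if verify is not None:
            verify(staged)  # e.g. run tests or a trial import; raise to abort
        old = os.path.join(staging, "old")
        had_old = os.path.isdir(dest_dir)
        if had_old:
            # rename() will not replace a non-empty directory, so the old
            # tree is moved aside first. Between the two renames the package
            # is briefly absent, but never half-copied.
            os.rename(dest_dir, old)
        try:
            os.rename(staged, dest_dir)
        except OSError:
            if had_old:
                os.rename(old, dest_dir)  # roll back to the previous version
            raise
        return dest_dir
    finally:
        # Removes the staging directory, including the displaced old tree.
        shutil.rmtree(staging, ignore_errors=True)
```

Because the staging directory name starts with a dot, it cannot be imported as a package while the copy is in progress.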