On 2016-04-26, Steven D'Aprano wrote:
> On Tue, 26 Apr 2016 11:30 pm, Adam Funk wrote:
>> I've been improvising with things like this:
>>
>> import pathlib, os
>>
>> path = pathlib.Path('some/directory')
>> writable = os.access(str(path), os.W_OK | os.X_OK)
>>
>> Is that the best way to do it?
>
> No. All you have learned is that the directory is writable *now*. In a
> millisecond, or a minute, when you actually go to write to it, it may no
> longer be writable -- it may not even exist.
>
> There is a whole class of serious security vulnerabilities and bugs caused
> by the difference between the time you check something and the time you
> actually use it. "Time of check to time of use" bugs can be best avoided by
> not checking ahead of time whether the directory is writable, but just
> *attempting to write to it*, and catching the error if you can't.
I appreciate the general principle, but the situation here is a tool
that iterates over a loop of the following: GET some chunks of data
from a REST service, process them, PUT something back to existing
documents through the REST service, & save the result in a directory
specified as a command-line option. I don't want the tool to modify
the first batch of data in the REST service, be unable to store the
results locally, & crash as a result.
--
A mathematical formula should never be "owned" by anybody! Mathematics
belongs to God. --- Donald Knuth
--
https://mail.python.org/mailman/listinfo/python-list
