standarddir: Fix TOCTOU issue when creating paths.

Fixes #942.
This commit is contained in:
Florian Bruhin 2015-09-11 18:21:20 +02:00
parent 5d90e0ecd3
commit 5fe420efb5
2 changed files with 25 additions and 2 deletions

View File

@ -163,8 +163,11 @@ def _get(typ):
# non-existant an attempt should be made to create it with permission # non-existant an attempt should be made to create it with permission
# 0700. If the destination directory exists already the permissions # 0700. If the destination directory exists already the permissions
# should not be changed. # should not be changed.
if path is not None and not os.path.exists(path): if path is not None:
try:
os.makedirs(path, 0o700) os.makedirs(path, 0o700)
except FileExistsError:
pass
return path return path

View File

@ -316,3 +316,23 @@ class TestCreatingDir:
if os.name == 'posix': if os.name == 'posix':
assert basedir.stat().mode & 0o777 == 0o700 assert basedir.stat().mode & 0o777 == 0o700
@pytest.mark.parametrize('typ', DIR_TYPES)
def test_exists_race_condition(self, mocker, tmpdir, typ):
"""Make sure there can't be a TOCTOU issue when creating the file.
See https://github.com/The-Compiler/qutebrowser/issues/942.
"""
(tmpdir / typ).ensure(dir=True)
m = mocker.patch('qutebrowser.utils.standarddir.os')
m.makedirs = os.makedirs
m.sep = os.sep
m.path.join = os.path.join
m.path.exists.return_value = False
args = types.SimpleNamespace(basedir=str(tmpdir))
standarddir.init(args)
func = getattr(standarddir, typ)
func()