SPUG: Perl directory permission checks and *nix ACLs

Ben Reser ben at reser.org
Mon Dec 29 13:20:41 PST 2008


On Mon, Dec 29, 2008 at 12:33 PM, Christopher Howard
<choward at indicium.us> wrote:
> If any of you have done Perl file permission checks in the context of a *nix
> environment, would you take a look at this post I made:
>
> http://www.linux.com/forums/topic/3792
>
> I posted this question to my Linux forum because it seemed like more of a
> *nix issue than a Perl-specific issue. But if any of you have any insight
> into this, I'd appreciate the help.

I'd say if you're trying to check permissions before an operation,
which you are, you're doing it wrong. I'm not sure why you have the
idea it saves the program any time by doing this check in advance.

Permissions/ACLs etc. can change at any time.  Even if you correctly
determine that your operation is permitted, between your check and
your actual operation the permission can change.

Additionally, trying to do what you're trying to do can introduce
security vulnerabilities into your program.  Race conditions between
permission and file existence checks are a fairly common mistake.

For an explanation of how this can become a security issue see:
http://developer.apple.com/DOCUMENTATION/Security/Conceptual/SecureCodingGuide/Articles/RaceConditions.html#//apple_ref/doc/uid/TP40002585-SW2

And here's a specific article related to Perl on the issue:
http://perltraining.com.au/tips/2005-11-24.html
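
The race described in the message above, as an added example that is not part of the original post: a check-then-use write beside one that simply attempts the operation and reads the error. The function names, file names and scratch directory are hypothetical.

```perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# Check-then-use: the answers from -d/-w/-e can be stale by the time
# open() runs. (-w also reads only mode bits unless "use filetest 'access'".)
sub write_checked {
    my ($dir, $name, $data) = @_;
    return "no write permission" unless -d $dir && -w _;
    return "already exists" if -e "$dir/$name";
    # Window: permissions, ACLs or the path itself can change here.
    open(my $fh, '>', "$dir/$name") or return "open failed: $!";
    print {$fh} $data;
    close($fh) or return "close failed: $!";
    return "ok";
}

# Attempt the operation and let the kernel decide; O_EXCL makes
# "create only if absent" a single atomic step.
sub write_atomic {
    my ($dir, $name, $data) = @_;
    sysopen(my $fh, "$dir/$name", O_WRONLY | O_CREAT | O_EXCL, 0600)
        or return $!{EEXIST} ? "already exists"
                : $!{EACCES} ? "no write permission"
                :              "open failed: $!";
    print {$fh} $data;
    close($fh) or return "close failed: $!";
    return "ok";
}

# Constructed demo in a scratch directory.
my $dir = tempdir(CLEANUP => 1);
print "first create:   ", write_atomic($dir, "report.txt", "a\n"), "\n";
print "second create:  ", write_atomic($dir, "report.txt", "b\n"), "\n";
print "check-then-use: ", write_checked($dir, "report.txt", "c\n"), "\n";
chmod 0500, $dir or die "chmod: $!";
# As a non-root user this takes the EACCES branch; root bypasses mode bits.
print "read-only dir:  ", write_atomic($dir, "other.txt", "d\n"), "\n";
chmod 0700, $dir or die "chmod: $!";   # restore so cleanup can remove it
```

With nothing racing, both functions report the same results; the difference is that `write_atomic` has no gap between the decision and the write.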

