SPUG: Perl directory permission checks and *nix ACLs

Christopher Howard choward at indicium.us
Mon Dec 29 17:55:01 PST 2008


On Mon, 29 Dec 2008, Ben Reser wrote:

> On Mon, Dec 29, 2008 at 12:33 PM, Christopher Howard
> <choward at indicium.us> wrote:
>> If any of you have done Perl file permission checks in the context of a *nix
>> environment, would you take a look at this post I made:
>>
>> http://www.linux.com/forums/topic/3792
>>
>> I posted this question to my Linux forum because it seemed like more of a
>> *nix issue than a Perl-specific issue. But if any of you have any insight
>> into this, I'd appreciate the help.
>
> I'd say if you're trying to check permissions before an operation,
> which you are, you're doing it wrong.
> I'm not sure why you have the idea it saves the program any time by
> doing this check in advance.
>
> Permissions/ACLs etc. can change at any time.  Even if you correctly
> determine that your operation
> is permitted, between your check and your actual operation the
> permission can change.
>
> Additionally, trying to do what you're trying to do can introduce
> security vulnerabilities into your program.
> Race conditions between permission and file existence checks are a
> fairly common mistake.
>
> For an explanation of how this can become a security issue see:
> http://developer.apple.com/DOCUMENTATION/Security/Conceptual/SecureCodingGuide/Articles/RaceConditions.html#//apple_ref/doc/uid/TP40002585-SW2
>
> And here's a specific article related to Perl on the issue:
> http://perltraining.com.au/tips/2005-11-24.html
> _____________________________________________________________
> Seattle Perl Users Group Mailing List
>     POST TO: spug-list at pm.org
> SUBSCRIPTION: http://mail.pm.org/mailman/listinfo/spug-list
>    MEETINGS: 3rd Tuesdays
>    WEB PAGE: http://seattleperl.org/
>

Thanks. I looked at my code again, and it does seem like a lot of the 
checks are quite unnecessary. I'm just going to strip them out and rely on 
the return values from the attempts.

Side note regarding the signature format issue: I'm more than happy to 
oblige, as I think having standard sig formats makes sense. However, is 
this convention simply based on the practices of one or two mailers? Or is 
there some standards body out there that placed its blessing on the 
dash-dash-space-return format? If you could give me a reference, it would 
be helpful, at least so I'd have something to e-mail my buddy when he asks 
why I'm insisting on a certain format.

-- 
Christopher Howard
choward at indicium.us
http://www.indicium.us
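
Added example, not part of the original message or of the poster's program: the "attempt it and rely on the return value" approach the thread settles on, shown next to the check-first pattern it replaces. The function name `create_in_dir` and the file names are hypothetical, and the scratch directory is constructed by the script.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use Errno qw(EACCES EEXIST ENOENT);
use File::Temp qw(tempdir);

# Check-first pattern the thread advises against. The answer from -d/-w can
# be stale by the time open() runs, and by default -w looks only at the mode
# bits and uid/gid, not at ACLs:
#   if (-d $dir && -w $dir) { open(my $fh, '>', "$dir/$name") or die ... }

# Attempt the operation and classify the failure from $! instead.
# Returns (filehandle, undef) on success or (undef, reason) on failure.
sub create_in_dir {
    my ($dir, $name) = @_;
    # O_CREAT|O_EXCL makes create-if-absent one atomic step: no separate -e
    # test, and an existing file or symlink at the path is refused.
    if (sysopen(my $fh, "$dir/$name", O_WRONLY | O_CREAT | O_EXCL, 0600)) {
        return ($fh, undef);
    }
    my ($errno, $msg) = ($! + 0, "$!");   # save both before anything resets $!
    return (undef, "exists")  if $errno == EEXIST;
    return (undef, "denied")  if $errno == EACCES;
    return (undef, "missing") if $errno == ENOENT;
    return (undef, "error: $msg");
}

my $dir = tempdir(CLEANUP => 1);          # constructed scratch directory
for my $case (
    [$dir, 'report.txt'],                 # new file
    [$dir, 'report.txt'],                 # same name again
    ["$dir/no-such-dir", 'report.txt'],   # parent directory does not exist
) {
    my ($fh, $why) = create_in_dir(@$case);
    printf "%-10s %s/%s\n", ($fh ? "created" : $why), @$case;
    close $fh if $fh;
}

# Permissions changed after any earlier check would have passed; the attempt
# reports it at the moment it matters (root bypasses mode bits).
chmod 0500, $dir or die "chmod: $!";
my ($fh, $why) = create_in_dir($dir, 'late.txt');
printf "%-10s %s/late.txt\n", ($fh ? "created" : $why), $dir;
chmod 0700, $dir or die "chmod: $!";      # restore so cleanup can remove it
```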

