From 938a8d723ccc82bd5a46354a5740f138d9cfe33e Mon Sep 17 00:00:00 2001 From: Fred Drake Date: Tue, 9 Oct 2001 18:07:04 +0000 Subject: [PATCH] Improve the documentation for the os.P_* constants used with the os.spawn*() functions to include information about how they affect the operation of those functions when used as the "mode" parameter. This closes SF bug #468384. Added warnings to the os.tempnam() and os.tmpnam() functions regarding their security problem. These warning mirror the warnings added to the runtime by Skip Montanaro. --- Doc/lib/libos.tex | 38 +++++++++++++++++++++++++++++--------- 1 file changed, 29 insertions(+), 9 deletions(-) diff --git a/Doc/lib/libos.tex b/Doc/lib/libos.tex index f8804e812a7..8adcbd5a34d 100644 --- a/Doc/lib/libos.tex +++ b/Doc/lib/libos.tex @@ -795,6 +795,8 @@ files if \var{dir} is omitted or \code{None}. If given and not filename. Applications are responsible for properly creating and managing files created using paths returned by \function{tempnam()}; no automatic cleanup is provided. +\warning{Use of \function{tempnam()} is vulnerable to symlink attacks; +consider using \function{tmpfile()} instead.} Availability: \UNIX, Windows. \end{funcdesc} @@ -805,6 +807,8 @@ entry in a common location for temporary files. Applications are responsible for properly creating and managing files created using paths returned by \function{tmpnam()}; no automatic cleanup is provided. +\warning{Use of \function{tmpnam()} is vulnerable to symlink attacks; +consider using \function{tmpfile()} instead.} Availability: \UNIX, Windows. \end{funcdesc} @@ -1011,20 +1015,36 @@ Availability: \UNIX{}, Windows. \versionadded{1.6} \end{funcdesc} -\begin{datadesc}{P_WAIT} -\dataline{P_NOWAIT} +\begin{datadesc}{P_NOWAIT} \dataline{P_NOWAITO} -Possible values for the \var{mode} parameter to \function{spawnv()} -and \function{spawnve()}. +Possible values for the \var{mode} parameter to the \function{spawn*()} +family of functions. If either of these values is given, the +\function{spawn*()} functions will return as soon as the new process +has been created, with the process ID as the return value. Availability: \UNIX{}, Windows. \versionadded{1.6} \end{datadesc} -\begin{datadesc}{P_OVERLAY} -\dataline{P_DETACH} -Possible values for the \var{mode} parameter to \function{spawnv()} -and \function{spawnve()}. These are less portable than those listed -above. +\begin{datadesc}{P_WAIT} +Possible value for the \var{mode} parameter to the \function{spawn*()} +family of functions. If this is given as \var{mode}, the +\function{spawn*()} functions will not return until the new process +has run to completion and will return the exit code of the process the +run is successful, or \code{-\var{signal}} if a signal kills the +process. +Availability: \UNIX{}, Windows. +\versionadded{1.6} +\end{datadesc} + +\begin{datadesc}{P_DETACH} +\dataline{P_OVERLAY} +Possible values for the \var{mode} parameter to the +\function{spawn*()} family of functions. These are less portable than +those listed above. +\constant{P_DETACH} is similar to \constant{P_NOWAIT}, but the new +process is detached from the console of the calling process. +If \constant{P_OVERLAY} is used, the current process will be replaced; +the \function{spawn*()} function will not return. Availability: Windows. \versionadded{1.6} \end{datadesc}