Safely create a file if and only if it does not exist in Python

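I wish to write to a file based on whether that file already exists or not, only writing if it doesn't already exist (in practice, I wish to keep trying files until I find one that doesn't exist).

The following code shows a way in which a potential attacker could insert a symlink, as suggested in this post, in between a test for the file and the file being written. If the code is run with high enough permissions, this could overwrite an arbitrary file.

Is there a way to solve this problem?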

    import os
    import errno

    file_to_be_attacked = 'important_file'

    with open(file_to_be_attacked, 'w') as f:
        f.write('Some important content!\n')

    test_file = 'testfile'

    try:
        # Check: does test_file already exist?
        with open(test_file) as f: pass
    except IOError as e:

        # Symlink created here
        os.symlink(file_to_be_attacked, test_file)

        if e.errno != errno.ENOENT:
            raise
        else:
            # Use: this open() follows the symlink to important_file
            with open(test_file, 'w') as f:
                f.write('Hello, kthxbye!\n')

Edit: See also Dave Jones' answer: from Python 3.3, you can use the x flag to open() to provide this function.

Original answer below

Yes, but not using Python's standard open() call. You'll need to use os.open() instead, which allows you to specify flags to the underlying C code.

In particular, you want to use O_CREAT | O_EXCL. From the man page for open(2) under O_EXCL on my Unix system:

Ensure that this call creates the file: if this flag is specified in conjunction with O_CREAT, and pathname already exists, then open() will fail. The behavior of O_EXCL is undefined if O_CREAT is not specified.

When these two flags are specified, symbolic links are not followed: if pathname is a symbolic link, then open() fails regardless of where the symbolic link points to.

O_EXCL is only supported on NFS when using NFSv3 or later on kernel 2.6 or later. In environments where NFS O_EXCL support is not provided, programs that rely on it for performing locking tasks will contain a race condition.

So it's not perfect, but AFAIK it's the closest you can get to avoiding this race condition.

Edit: the other rules of using os.open() instead of open() still apply. In particular, if you want to use the returned file descriptor for reading or writing, you'll need one of the O_RDONLY, O_WRONLY or O_RDWR flags as well.

All the O_* flags are in Python's os module, so you'll need to import os and use os.O_CREAT etc.

Example:

    import os
    import errno

    flags = os.O_CREAT | os.O_EXCL | os.O_WRONLY

    try:
        file_handle = os.open('filename', flags)
    except OSError as e:
        if e.errno == errno.EEXIST:  # Failed as the file already exists.
            pass
        else:  # Something unexpected went wrong so reraise the exception.
            raise
    else:  # No exception, so the file must have been created successfully.
        with os.fdopen(file_handle, 'w') as file_obj:
            # Using `os.fdopen` converts the handle to an object that acts like a
            # regular Python file object, and the `with` context manager means the
            # file will be automatically closed when we're done with it.
            file_obj.write("Look, ma, I'm writing to a new file!")

This code will easily create a file if one does not exist.

    import os
    if not os.path.exists('file'):
        open('file', 'w').close()

For reference, Python 3.3 implements a new 'x' mode in the open() function to cover this use-case (create only, fail if file exists). Note that the 'x' mode is specified on its own. Using 'wx' results in a ValueError as the 'w' is redundant (the only thing you can do if the call succeeds is write to the file anyway; it can't have existed if the call succeeds):

    >>> f1 = open('new_binary_file', 'xb')
    >>> f2 = open('new_text_file', 'x')

For Python 3.2 and below (including Python 2.x) please refer to the accepted answer.
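An added example, not part of the original question or answers: the "keep trying names until one is free" loop from the question, built on the O_CREAT | O_EXCL call so that the open itself is the existence test and a symlink already sitting at a candidate name is skipped rather than followed. The helper name, the name pattern, the 0o600 mode and the temporary-directory scenario are assumptions made for illustration.

```python
import errno
import os
import tempfile


def create_exclusive(directory, stem, suffix=".txt", max_tries=100):
    """Create the first free name stem, stem-1, stem-2, ... in directory.

    Hypothetical helper: returns (path, writable file object).
    """
    flags = os.O_CREAT | os.O_EXCL | os.O_WRONLY
    for n in range(max_tries):
        name = stem + ("-%d" % n if n else "") + suffix
        path = os.path.join(directory, name)
        try:
            # No separate existence check; 0o600 keeps the new file private.
            fd = os.open(path, flags, 0o600)
        except OSError as e:
            if e.errno == errno.EEXIST:
                continue  # name taken (file, directory or symlink): try next
            raise
        return path, os.fdopen(fd, "w")
    raise RuntimeError("no free name after %d tries" % max_tries)


def demo():
    """Constructed scenario: one name is a file, the next a symlink."""
    with tempfile.TemporaryDirectory() as d:
        important = os.path.join(d, "important_file")
        with open(important, "w") as f:
            f.write("Some important content!\n")
        # First candidate name already exists as a regular file.
        open(os.path.join(d, "testfile.txt"), "w").close()
        # Second candidate name is a symlink pointing at the important file.
        os.symlink(important, os.path.join(d, "testfile-1.txt"))

        path, f = create_exclusive(d, "testfile")
        with f:
            f.write("Hello, kthxbye!\n")
        with open(important) as f:
            untouched = f.read() == "Some important content!\n"
        return os.path.basename(path), untouched, os.path.islink(path)


if __name__ == "__main__":
    print(demo())
```

On Python 3.3 and later, `open(path, 'x')` can replace the `os.open()`/`os.fdopen()` pair, catching `FileExistsError` instead of checking `errno`.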