Comment 2 for bug 532852

Dan Rosenberg (dan-j-rosenberg) wrote :

Come to think of it, please ignore that patch. A determined attacker could exploit the race condition between the access() and stat() calls. I'll revisit this and produce a better patch within the next couple of days.