Remove the old cache file when we roll the cache over. This is

to avoid a security problem arising from the way that Zope changes the effective user id. The first cache file gets created while Zope is root, so it can't be reopened as nobody.

Remove the old cache file when we roll the cache over. This is
to avoid a security problem arising from the way that Zope changes the effective user id. The first cache file gets created while Zope is root, so it can't be reopened as nobody.
80ac0af2 · Jim Fulton · e11512e0 · 80ac0af2
Commit 80ac0af2 authored Sep 02, 2000 by Jim Fulton
Show whitespace changes
Inline Side-by-side

Showing with 8 additions and 1 deletion

src/ZEO/ClientCache.py src/ZEO/ClientCache.py +8 -1

No files found.
--- a/src/ZEO/ClientCache.py
+++ b/src/ZEO/ClientCache.py
@@ -144,7 +144,7 @@ file 0 and file 1.
 """
-__version__ = "$Revision: 1.9 $"[11:-2]
+__version__ = "$Revision: 1.10 $"[11:-2]
 import os, tempfile
 from struct import pack, unpack
@@ -323,6 +323,13 @@ class ClientCache:
            self._current=current
            if self._p[current] is not None:
                # Persistent cache file:
+                # Note that due to permission madness, waaa,
+                # we need to remove the old file before
+                # we open the new one. Waaaaaaaaaa.
+                if self._f[current] is not None:
+                    close(self._f[current])
+                    try: os.remove(self._p[current])
+                    except: pass
                self._f[current]=open(self._p[current],'w+b')
            else:
                # Temporary cache file: