0

I want to understand why many people get bothered when using a or a+ as built-in open() function mode in a non-existing file.

Looking here and away in other questions, I can see them checking that file exists manually. If it does exist, then they will create the file using w, otherwise they will use a.

Some others use a+ saying it's the one that will create a new file and append text if it exists.

Finally, others are saying a may not work (or maybe it's causing some bug under a Python version?) with open().

I tried open()ing a file and appending with both a and a+ parameters with a non-existing filename, and it creates a new file without problems. What's a really good explanation of this?

pyth0n3r
  • 1
  • Does this answer your question? [python open built-in function: difference between modes a, a+, w, w+, and r+?](https://stackoverflow.com/questions/1466000/python-open-built-in-function-difference-between-modes-a-a-w-w-and-r) – SuperStormer Apr 15 '20 at 16:33
  • @SuperStormer no, it actually doesn't at all, thank you though (I will take a look). The question asks why people get bothered sometimes when using `a`, `a+` or check if file exists before appending. – pyth0n3r Apr 15 '20 at 16:39
  • The linked thread contains comments explaining that check before open creates a so called race condition (something might happen undetected between the moment of check and the moment of file open). Please, take those comments seriously. All code with race conditions is bad. Only the extent how bad varies. – VPfB Apr 15 '20 at 16:42
  • @VPfB that seems definitely serious, you're right. Do you mind if you make a more detailed answer talking about how this "race condition" could be exploitable? Also if checking the file before opening with `a` or `a+` is bad, why do some others consider using `a+` instead of `a` in order to create a new file? – pyth0n3r Apr 15 '20 at 16:48
  • @pyth0n3r An example of exploitable race condition: 1. check if a filename exist, because we don't want to overwrite anything. 2 if not, write data to that file. Now imagine that after step 1 and before step 2 a symbolic link with the same name is created. The data will overwrite any file the link points to. Permissions play a role, but the potential for a damage is there. – VPfB Apr 15 '20 at 17:04
  • @VPfB I understand now. What about my other question in my last comment here? – pyth0n3r Apr 15 '20 at 17:26
  • @pyth0n3r You mean `a` vs `a+`? I am not aware of any other difference except that one is for write-only access and the other for read-write access. – VPfB Apr 15 '20 at 18:30
  • @VPfB I'll accept your answer if you reply with that answer (and saying if I don't really need to check filename exists and directly using `a` or `a+` append mode when I need to). – pyth0n3r Apr 15 '20 at 18:35
  • @pyth0n3r Thank you, but it wasn't me who answered your question, I just emphasized the race condition warning. – VPfB Apr 16 '20 at 06:19

1 Answers1

0

Depending on the OS and the file system, all writes may go to the end of the file when you open a file in 'a' or 'a+' mode. In some cases it may be desirable or not.

Serge Ballesta
  • 143,923
  • 11
  • 122
  • 252
  • Thank you for your reply, I appreciate very much for your effort. Are you talking about opening a non-existing file? – pyth0n3r Apr 15 '20 at 15:55
  • On most Unix-like systems, any output will go to the end of a file when opened in `'a'` mode, whether it was existing or non existing. – Serge Ballesta Apr 15 '20 at 15:57
  • I understand your concern, but maybe I asked something other (or maybe with "writes going to the end of the file" you meant it would fail? If you meant this, shouldn't it have to work if it exists and not if it doesn't?). Look [here](https://stackoverflow.com/a/48035730/13322421), it seems he tried to say `a` is actually made to append, while `a+` is actually made to append (and create a file if it doesn't exist). Is there really any advantage of – pyth0n3r Apr 15 '20 at 16:06