commit 938a8d723ccc82bd5a46354a5740f138d9cfe33e
author Fred Drake <fdrake@acm.org> Tue Oct 09 18:07:04 2001 +0000
committer Fred Drake <fdrake@acm.org> Tue Oct 09 18:07:04 2001 +0000
tree 56be76c3190df5a7fcde530b4fc0bc468bb9fe49
parent 92350b3a1f7446e561305bfaa101efeb08286bcc

Improve the documentation for the os.P_* constants used with the os.spawn*()
functions to include information about how they affect the operation of
those functions when used as the "mode" parameter.
This closes SF bug #468384.

Added warnings to the os.tempnam() and os.tmpnam() functions regarding their
security problem.  These warning mirror the warnings added to the runtime
by Skip Montanaro.

Doc/lib/libos.tex

diff --git a/Doc/lib/libos.tex b/Doc/lib/libos.tex
index f8804e8..8adcbd5 100644
--- a/Doc/lib/libos.tex
+++ b/Doc/lib/libos.tex
@@ -795,6 +795,8 @@
 filename.  Applications are responsible for properly creating and
 managing files created using paths returned by \function{tempnam()};
 no automatic cleanup is provided.
+\warning{Use of \function{tempnam()} is vulnerable to symlink attacks;
+consider using \function{tmpfile()} instead.}
 Availability: \UNIX, Windows.
 \end{funcdesc}
 
@@ -805,6 +807,8 @@
 responsible for properly creating and managing files created using
 paths returned by \function{tmpnam()}; no automatic cleanup is
 provided.
+\warning{Use of \function{tmpnam()} is vulnerable to symlink attacks;
+consider using \function{tmpfile()} instead.}
 Availability: \UNIX, Windows.
 \end{funcdesc}
 
@@ -1011,20 +1015,36 @@
 \versionadded{1.6}
 \end{funcdesc}
 
-\begin{datadesc}{P_WAIT}
-\dataline{P_NOWAIT}
+\begin{datadesc}{P_NOWAIT}
 \dataline{P_NOWAITO}
-Possible values for the \var{mode} parameter to \function{spawnv()}
-and \function{spawnve()}.
+Possible values for the \var{mode} parameter to the \function{spawn*()}
+family of functions.  If either of these values is given, the
+\function{spawn*()} functions will return as soon as the new process
+has been created, with the process ID as the return value.
 Availability: \UNIX{}, Windows.
 \versionadded{1.6}
 \end{datadesc}
 
-\begin{datadesc}{P_OVERLAY}
-\dataline{P_DETACH}
-Possible values for the \var{mode} parameter to \function{spawnv()}
-and \function{spawnve()}.  These are less portable than those listed
-above.
+\begin{datadesc}{P_WAIT}
+Possible value for the \var{mode} parameter to the \function{spawn*()}
+family of functions.  If this is given as \var{mode}, the
+\function{spawn*()} functions will not return until the new process
+has run to completion and will return the exit code of the process the
+run is successful, or \code{-\var{signal}} if a signal kills the
+process.
+Availability: \UNIX{}, Windows.
+\versionadded{1.6}
+\end{datadesc}
+
+\begin{datadesc}{P_DETACH}
+\dataline{P_OVERLAY}
+Possible values for the \var{mode} parameter to the
+\function{spawn*()} family of functions.  These are less portable than
+those listed above.
+\constant{P_DETACH} is similar to \constant{P_NOWAIT}, but the new
+process is detached from the console of the calling process.
+If \constant{P_OVERLAY} is used, the current process will be replaced;
+the \function{spawn*()} function will not return.
 Availability: Windows.
 \versionadded{1.6}
 \end{datadesc}