> We've been auditing various code lately to check for /tmp races and so
> on. It seems that tempfile.mktemp() is used throughout the Python
> library. While nice and portable, tempfile.mktemp() is vulnerable to
> races.
>
> The TemporaryFile does a nice job of handling the filename returned by
> mktemp properly, but there are many modules that don't.
>
> Should I attempt to patch them all to use TemporaryFile? Or set up
> conditional use of mkstemp on those systems that support it?

Matt, please be sure to look at the 2.1 CVS tree. I believe that we've
implemented some changes that may make mktemp() better behaved.

If you find that this is still not good enough, please feel free to
submit a patch to SourceForge that fixes the uses of mktemp() --
insofar as possible. (I know e.g. the test suite has some places where
mktemp() is used as the name of a dbm file.)

Thanks for looking into this!

--Guido van Rossum (home page: http://www.python.org/~guido/)
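The race discussed in this thread, as an added example that is not part of the original messages or of the Python 2.1 tree: opening a previously chosen name, next to exclusive creation and the `tempfile.mkstemp()` of the current standard library. The file names and the scratch-directory scenario are constructed for illustration, and a POSIX system is assumed.

```python
import os
import tempfile

def _read(path):
    with open(path) as f:
        return f.read()

def write_by_name(path, data):
    # mktemp()-style use: the name was chosen earlier, then opened by name.
    # open() follows a symlink and truncates whatever already exists there.
    with open(path, "w") as f:
        f.write(data)

def write_exclusive(path, data):
    # O_CREAT|O_EXCL fails if anything, including a symlink, is already at path.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)

def write_mkstemp(directory, data):
    # mkstemp() chooses the name and creates the file in one exclusive step.
    fd, path = tempfile.mkstemp(dir=directory)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path

def demo():
    # Constructed scenario, confined to a private scratch directory.
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "important.txt")
        predicted = os.path.join(d, "tmp_predicted")  # stands in for a mktemp() result
        write_by_name(target, "original")
        os.symlink(target, predicted)  # name gets taken between choosing and opening
        write_by_name(predicted, "scratch data")
        by_name_clobbered = _read(target) == "scratch data"
        write_by_name(target, "original")
        try:
            write_exclusive(predicted, "scratch data")
            exclusive_refused = False
        except FileExistsError:
            exclusive_refused = True
        path = write_mkstemp(d, "scratch data")
        return {
            "by_name_clobbered": by_name_clobbered,
            "exclusive_refused": exclusive_refused,
            "target_intact": _read(target) == "original",
            "mkstemp_mode": os.stat(path).st_mode & 0o777,
        }
```

When auditing for the pattern, the thing to look for is a gap between obtaining a name and creating the file, with the creation done by a plain open.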