Right, but this isn't the problem that I'm describing. Because mktemp just returns a "checked" filename, it is vulnerable to symlink attacks. Python programs run as root have a small window of opportunity between when mktemp checks for the existence of the temp file and when the function calling mktemp actually uses it.

So, it's hostile out-of-process attacks I'm worrying about, and the recent CVS changes don't address that.

Cheers,
Matt

On Mon, Mar 12, 2001 at 09:07:46PM -0500, Tim Peters wrote:
>
> Adding to what Guido said, the 2.1 mktemp() finally bites the bullet and uses
> a mutex to ensure that no two threads (within a process) can ever generate
> the same filename. The 2.0 mktemp() was indeed subject to races in this
> respect. Freedom from cross-process races relies on using the pid in the
> filename too.
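
The check-then-use window described in the message above, shown next to an atomic create that closes it. This is an added example, not part of the original thread or of Python's tempfile module; `checked_name`, `open_unsafe`, `open_exclusive` and `demo` are hypothetical names, and the symlink is planted by the script itself inside a private scratch directory to stand in for another process.

```python
import os
import tempfile

def checked_name(directory):
    """Check-then-return: the name is only known to be unused at check time."""
    n = 0
    while True:
        path = os.path.join(directory, "tmp%d.%d" % (os.getpid(), n))
        if not os.path.lexists(path):
            return path
        n += 1

def open_unsafe(path):
    # Plain open() follows a symlink that appeared after the check.
    return open(path, "w")

def open_exclusive(path):
    # O_CREAT|O_EXCL fails if the path exists at all, including as a symlink
    # (even a dangling one), so existence check and creation are one step.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    return os.fdopen(fd, "w")

def demo():
    """Return {opener: (outcome, content of the file the symlink points at)}."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "target")  # constructed stand-in for a protected file
        for name, opener in (("unsafe", open_unsafe), ("exclusive", open_exclusive)):
            with open(target, "w") as f:
                f.write("original")
            path = checked_name(d)
            os.symlink(target, path)  # constructed: the name is taken inside the window
            try:
                with opener(path) as f:
                    f.write("scratch data")
                outcome = "opened"
            except FileExistsError:
                outcome = "refused"
            with open(target) as f:
                results[name] = (outcome, f.read())
            os.unlink(path)
    return results

if __name__ == "__main__":
    print(demo())
```

`tempfile.mkstemp()` in current Python creates the file with an exclusive open of this kind and returns the open descriptor, so the caller never reopens the file by name.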