> > Sounds like a good suggestion; I'll see if I can check something in. > The fix is trivial (IMHO). A patch is attached. Now there you are wrong, my friend. :-) > > (However, given that there already exists an attack on this function, > > does fixing this actually make any difference?) > Not really, but it is defensive programming (since the module is > security-oriented). Maybe you want a non-existent name for a block > device or a pipe (which mkstemp doesn't provide). I use it all the time for situations where I have to name a file that an external program is going to create for me. > I happened to look into the module to see if I can replace some > hand-written functions with the ones in the module and I saw that > mktemp() could be improved maybe. > > Regards, > Iustin Pop > > --zhXaljGHf11kAtnf > Content-Type: text/plain; charset=us-ascii > Content-Disposition: attachment; filename="tempfile.patch" > > diff -urN old/tempfile.py new/tempfile.py > --- old/tempfile.py 2003-11-10 23:07:46.000000000 +0200 > +++ new/tempfile.py 2003-11-10 23:22:57.000000000 +0200 > @@ -338,7 +338,9 @@ > for seq in xrange(TMP_MAX): > name = names.next() > file = _os.path.join(dir, prefix + name + suffix) > - if not _os.path.exists(file): > + try: > + _os.lstat(file) > + except _os.error: > return file > > raise IOError, (_errno.EEXIST, "No usable temporary filename found") This fix would break on non-Unix platforms (the module should work everywhere). Fortunately I already checked something in that *does* work across platforms. :-) --Guido van Rossum (home page: http://www.python.org/~guido/)
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4