On 2019-03-20 12:45, Victor Stinner wrote:
> You can watch the /tmp directory using inotify and "discover"
> immediately the "secret" filename, it doesn't depend on the amount of
> entropy used to generate the filename.

That's not the problem. The security issue here is guessing the filename
*before* it's created and putting a different file or symlink in place.

So I actually do think that mktemp() could be made secure by using a
longer name generated by a secure random generator.
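
The race described in the message above, as an added example that is not part of the original email: a plain open-by-name follows a symlink that already occupies the chosen name, while creation with `O_CREAT | O_EXCL` refuses it, and a name drawn from `secrets` is then created exclusively. The sandbox directory, file names and helper functions are constructed for the illustration.

```python
import os
import secrets
import tempfile


def naive_create(path, data):
    """Open by name, as a mktemp() caller would: follows whatever already sits at path."""
    with open(path, "w") as f:
        f.write(data)


def exclusive_create(path, data):
    """Create atomically; fail if anything (file or symlink) already exists at path."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)


def demo():
    """Return (naive_wrote_through_symlink, exclusive_refused, fresh_name_created)."""
    with tempfile.TemporaryDirectory() as d:        # constructed sandbox standing in for /tmp
        victim = os.path.join(d, "victim.txt")      # constructed file the symlink points at
        with open(victim, "w") as f:
            f.write("original")
        guessed = os.path.join(d, "tmpguessed")     # assumption: name known before creation
        os.symlink(victim, guessed)                 # the name is occupied before we create it

        naive_create(guessed, "temp data")          # write lands in victim.txt
        with open(victim) as f:
            wrote_through = f.read() == "temp data"

        try:
            exclusive_create(guessed, "temp data")
            refused = False
        except FileExistsError:                     # O_EXCL sees the symlink and stops
            refused = True

        # Longer name from a secure generator, created with O_EXCL so a clash is detected.
        fresh = os.path.join(d, "tmp" + secrets.token_hex(16))
        exclusive_create(fresh, "temp data")
        created = os.path.isfile(fresh) and not os.path.islink(fresh)
        return wrote_through, refused, created


if __name__ == "__main__":
    print(demo())
```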