New submission from Yusuke Endoh <[email protected]>:
Hello,

The tempfile library does not check the prefix argument, which can be exploited to create files outside tmpdir by using directory traversal.

```
>>> import tempfile
>>> tempfile.gettempprefix()
'tmp'
>>> f = tempfile.NamedTemporaryFile(prefix="/home/mame/cracked")
>>> f.name
'/home/mame/crackedlt3y_ddm'
```

The same issue was found and treated as a vulnerability in PHP (CVE-2006-1494) and Ruby (CVE-2018-6914).

I first reported this issue to [email protected] in July 2018. Some people kindly discussed it, and finally I was told to create a ticket here.

----------
components: Library (Lib)
messages: 330097
nosy: Yusuke Endoh
priority: normal
severity: normal
status: open
title: directory traversal in tempfile prefix
type: security
versions: Python 3.8

_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue35278>
_______________________________________
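The report above shows that `NamedTemporaryFile` joins `dir` and `prefix` without checking the prefix, so an attacker-influenced prefix places the file wherever the prefix points. The following is an added example, not part of the report and not CPython's own code, of the check a caller can apply before handing untrusted input to `tempfile`: reject any name component that is absolute or contains a path separator, and, as defence in depth, confirm after creation that the resolved path really lies inside the intended directory. The helper names (`is_safe_name_component`, `safe_named_tempfile`, `demo`) are hypothetical, and the "../escape" prefix in `demo` is a constructed sample.

```python
import os
import tempfile


def is_safe_name_component(component: str) -> bool:
    """Return True if `component` cannot move the temp file out of `dir`.

    Hypothetical helper (not part of the stdlib). A prefix or suffix is only
    safe when it is a single file-name fragment: not an absolute path and
    containing no path separator. os.path.join(dir, prefix + random + suffix)
    then always stays inside `dir`.
    """
    if component == "":
        return True  # tempfile substitutes its own default for an empty prefix
    if os.path.isabs(component):
        return False
    for sep in (os.sep, os.altsep):
        if sep and sep in component:
            return False
    return True


def path_is_inside(path: str, directory: str) -> bool:
    """True if the resolved `path` lies within the resolved `directory`."""
    base = os.path.realpath(directory)
    target = os.path.realpath(path)
    return os.path.commonpath([base, target]) == base


def safe_named_tempfile(prefix=None, suffix="", dir=None, **kwargs):
    """Wrapper around tempfile.NamedTemporaryFile that validates prefix/suffix.

    Hypothetical wrapper: validates the name components up front, creates the
    file with the stdlib call, then re-checks the created file's location.
    """
    prefix = tempfile.gettempprefix() if prefix is None else prefix
    dir = tempfile.gettempdir() if dir is None else dir
    for part in (prefix, suffix):
        if not is_safe_name_component(part):
            raise ValueError(f"unsafe temp file name component: {part!r}")
    f = tempfile.NamedTemporaryFile(prefix=prefix, suffix=suffix, dir=dir, **kwargs)
    # Defence in depth: the name must resolve to a location inside `dir`.
    if not path_is_inside(f.name, dir):
        f.close()  # delete=True (the default) removes the file on close
        raise RuntimeError(f"temp file escaped {dir!r}: {f.name!r}")
    return f


def demo():
    """Create one safe temp file and reject one traversal-style prefix.

    Returns (safe_file_was_inside_dir, unsafe_prefix_was_rejected).
    """
    with tempfile.TemporaryDirectory() as d:
        with safe_named_tempfile(prefix="tmp", dir=d) as f:
            inside = path_is_inside(f.name, d)
        try:
            safe_named_tempfile(prefix="../escape", dir=d)  # constructed sample
            rejected = False
        except ValueError:
            rejected = True
    return inside, rejected


if __name__ == "__main__":
    print(demo())  # expect (True, True)
```

The up-front check is what actually blocks the traversal; the post-creation `realpath` containment test only catches cases the first check missed (for instance a platform-specific path form), and by then the file has already been created, so a failure there is a signal to close and investigate rather than a substitute for validating the input.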
