On Tue, 19 Mar 2019 at 16:47, Sebastian Rittau <srit...@rittau.biz> wrote: > But I had another thought: If I understand correctly, the exploitability > of mktemp() relies on the fact that between determining whether the > file exists and creation an attacker can create the file themselves. > Couldn't this problem be solved by generating a filename of sufficient > length using the secrets module? This way the filename should be > "unguessable" and safe.
IMO, there's not much point trying to "fix" mktemp(). The issues with it are clear and there are far better alternatives already available for people who need them. The question here is simply about removing the function "because people might mistakenly use it and create security risks". Personally, I don't think we should break the code of people who are using mktemp() correctly, in awareness of its limitations, just out of some idea of protecting people from themselves. Certainly we should provide safe library functions wherever possible, but we should have better reasons for removing functions that have been around for many, many years than just "people might be using it wrongly". Paul _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
