On Tue, 19 Mar 2019 at 17:47, Sebastian Rittau <srit...@rittau.biz> wrote:
> Am 19.03.19 um 17:23 schrieb Giampaolo Rodola': > > @Sebastian > >> If there are valid use cases for mktemp(), I recommend renaming > >> it to mkname_unsafe() or something equally obvious. > > I'm -1 about adding an alias (there should be one and preferably only > > one way to do it). Also mkstemp() and mkdtemp() are somewhat poorly > > named IMO, but I wouldn't add an alias for them either. > > > Just to clarify: I was not suggesting creating an alias, I was suggesting > renaming the function, but keeping the old name for a normal > deprecation cycle. > > But I had another thought: If I understand correctly, the exploitability > of mktemp() relies on the fact that between determining whether the > file exists and creation an attacker can create the file themselves. > Couldn't this problem be solved by generating a filename of sufficient > length using the secrets module? This way the filename should be > "unguessable" and safe. Technically you cannot make it 100% safe, only less likely to occur. And on a second thought (I retract :)) since this could be used in real apps other than tests (I was too focused on that) I think this should be a doc warning after all, not info. Doc may suggest to use mode=x when creating the file, in order to remove the security implications. -- Giampaolo - http://grodola.blogspot.com
_______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com