On 23Oct2018 11:24, Peter Otten <__pete...@web.de> wrote:
Cameron Simpson wrote:
The doco for mktemp (do not use! use mkstemp or the NamedTemporaryFile
classes instead!) explicitly mentions using delete=False.

Well, "permanent temporary file" does sound odd.

By the way, NamedTemporaryFile returns a proxy instead of the file itself.
In some rare cases that could be a problem.

Would mktemp() really be dangerous if you used it like this,

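from tempfile import mktemp

def new_game(directory):
    for _retry in range(3):
        # mktemp() only generates a name; it does not create the file
        filename = mktemp(suffix=".json", prefix="game_", dir=directory)
        try:
            # "x" = exclusive creation: fail if the path already exists
            return open(filename, "x")
        except FileExistsError:
            pass
    raise FileExistsError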

with the "x" mode?

In terms of a race, maybe not. But in terms of security? Probably.

Consider: the issue with mktemp is that it can be switched out before use. So:

Alice: mktemp() -> filename

Mallory: guess filename, put a symlink there pointing at a file which doesn't exist, but which has an effect if it does. For example, in ancient Windows, an autorun.ini file. Or cooler, on UNIX, a file in /etc/cron.d.

Alice: write to filename, not accidentally _creating_ the target of the symlink, now writing a file somewhere unwanted.

Now, the examples above pretend that Alice has root privileges so that Mallory affects a root-run system. But for Alice, it is just as bad if Mallory just subverts her personal account via some other pathname.

Also, there's the issue of privacy: open(), in your example, will use the default umask, which may be more open than one wants. And so on...

Cheers,
Cameron Simpson <c...@cskk.id.au>
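
Added example, not part of the original thread: a version of new_game() built on mkstemp(), which the thread recommends, with a check of the two concerns raised above (something already sitting at the chosen name, and umask-dependent permissions). It assumes a POSIX system; create_private() and demo() are hypothetical helpers, and the scratch directory and file names are constructed.

```python
import os
import stat
import tempfile


def new_game(directory):
    """Return (file_object, path) for a freshly created game file.

    mkstemp() chooses the name and creates the file in a single step,
    using O_CREAT | O_EXCL and mode 0o600, so there is no window between
    picking the name and opening it, and the umask cannot widen access.
    """
    fd, path = tempfile.mkstemp(prefix="game_", suffix=".json", dir=directory)
    # Wrap the descriptor we already hold instead of reopening by name.
    return os.fdopen(fd, "w", encoding="utf-8"), path


def create_private(path):
    """Exclusive, owner-only create for a name the caller chose (hypothetical)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    return os.fdopen(fd, "w", encoding="utf-8")


def demo():
    """Run both checks in a constructed scratch directory and report results."""
    with tempfile.TemporaryDirectory() as scratch:
        old_umask = os.umask(0)  # most permissive umask, to show it has no effect
        try:
            game, path = new_game(scratch)
            with game:
                game.write("{}")
                mode = stat.S_IMODE(os.fstat(game.fileno()).st_mode)
            # Constructed stand-in for a planted link: a dangling symlink
            # already present at the name we are about to create.
            target = os.path.join(scratch, "elsewhere.conf")
            link = os.path.join(scratch, "game_fixed.json")
            os.symlink(target, link)
            try:
                create_private(link).close()
                refused = False
            except FileExistsError:
                refused = True
            return {
                "mode": mode,
                "name": os.path.basename(path),
                "refused": refused,
                "target_created": os.path.exists(target),
            }
        finally:
            os.umask(old_umask)
```
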