[Python-Dev] Warn about mktemp once again? (original) (raw)

Guido van Rossum guido at python.org
Tue May 6 19:16:10 CEST 2008

• Previous message: [Python-Dev] Warn about mktemp once again?
• Next message: [Python-Dev] Warn about mktemp once again?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, May 6, 2008 at 4:19 AM, Tristan Seligmann <mithrandi-python-dev at mithrandi.za.net> wrote:

* Antoine Pitrou <solipsis at pitrou.net> [2008-05-06 10:47:23 +0000]: > Sorry to revive this thread, but mktemp() is very useful when the file is meant > to be created by another application (e.g. launched by subprocess, but it could > even be a daemon running under a different user). For example if I have a > processing chain to converts a PDF to a temporary JPEG using an external tool > and then does other things with the JPEG: I don't want Python to actually > create the file, just to generate an unique filename.

The correct way to do this is to create a temporary directory, and then generate a filename underneath that directory to use.

Good catch. The problem with mktemp() is exactly its convenience, which opens it up for well-documented symlink attacks.

-- --Guido van Rossum (home page: http://www.python.org/~guido/)

• Previous message: [Python-Dev] Warn about mktemp once again?
• Next message: [Python-Dev] Warn about mktemp once again?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list