[Python-Dev] Warn about mktemp once again? (original) (raw)
Toby Dickenson tdickenson at geminidataloggers.com
Wed May 7 10:40:49 CEST 2008
- Previous message: [Python-Dev] Warn about mktemp once again?
- Next message: [Python-Dev] Warn about mktemp once again?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Tristan Seligmann wrote:
The correct way to do this is to create a temporary directory, and then generate a filename underneath that directory to use.
There is a platform difference here. On unix mktemp will usually provide a file name in a world-writeable directory (/tmp/) which is wide open to race condition attacks leading to privilege escalation.
On win32 it will usually (but not always) provide a file name in a directory writeable only by the current user. The temporary directory step sometimes seems unnecessary to windows developers.
- Previous message: [Python-Dev] Warn about mktemp once again?
- Next message: [Python-Dev] Warn about mktemp once again?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]