[Python-Dev] Remove tempfile.mktemp()

Paul Moore p.f.moore at gmail.com
Tue Mar 19 13:03:38 EDT 2019


On Tue, 19 Mar 2019 at 16:47, Sebastian Rittau <srittau at rittau.biz> wrote:

> But I had another thought: If I understand correctly, the exploitability of mktemp() relies on the fact that between determining whether the file exists and creation an attacker can create the file themselves. Couldn't this problem be solved by generating a filename of sufficient length using the secrets module? This way the filename should be "unguessable" and safe.

IMO, there's not much point trying to "fix" mktemp(). The issues with it are clear and there are far better alternatives already available for people who need them. The question here is simply about removing the function "because people might mistakenly use it and create security risks".

Personally, I don't think we should break the code of people who are using mktemp() correctly, in awareness of its limitations, just out of some idea of protecting people from themselves. Certainly we should provide safe library functions wherever possible, but we should have better reasons for removing functions that have been around for many, many years than just "people might be using it wrongly".

Paul
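
Added example, not part of the message above or of the Python-Dev thread: a deterministic walk-through of the gap between choosing a name and creating the file that the quoted question describes, next to the exclusive-create behaviour the existing alternatives rely on. The helper names `racy_create`, `exclusive_create` and `demo` are hypothetical, and the "planted" file is a constructed stand-in for another party creating the file first, inside a private scratch directory.

```python
import os
import stat
import tempfile
import warnings


def racy_create(path):
    """mktemp()-style use: the name was picked earlier, the file is opened now."""
    existed = os.path.exists(path)   # someone else may already have created it
    with open(path, "w") as f:       # plain open() silently accepts an existing file
        f.write("app data")
    return existed


def exclusive_create(path):
    """Create only if absent: the existence check and the create are one syscall."""
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return False                 # the name was taken; the caller must pick another
    with os.fdopen(fd, "w") as f:
        f.write("app data")
    return True


def demo():
    results = {}
    with tempfile.TemporaryDirectory() as sandbox:     # private directory for the demo
        with warnings.catch_warnings():
            warnings.simplefilter("ignore")
            name = tempfile.mktemp(dir=sandbox)        # returns a name, creates nothing
        results["mktemp_created_file"] = os.path.exists(name)

        # Constructed stand-in for the other party winning the race.
        with open(name, "w") as f:
            f.write("planted")

        results["exclusive_create_ok"] = exclusive_create(name)
        results["racy_wrote_to_foreign_file"] = racy_create(name)

        fd, safe_name = tempfile.mkstemp(dir=sandbox)  # name chosen and file created together
        os.close(fd)
        results["mkstemp_mode"] = stat.S_IMODE(os.stat(safe_name).st_mode)
        results["mkstemp_distinct"] = safe_name != name
    return results


if __name__ == "__main__":
    print(demo())
```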


