[Python-Dev] Remove tempfile.mktemp()

eryk sun eryksun at gmail.com
Sat Mar 23 21:13:26 EDT 2019


On 3/23/19, Cameron Simpson <cs at cskk.id.au> wrote:

> Also, the common examples are attackers who are not the user making the tempfile, in which case the default mktemp is sort of secure with the above because it gets made in /tmp which on a modern POSIX system prevents other users from removing/renaming a file. (And Eryk I think described the Windows situation which is similarly protected).

Using NamedTemporaryFile(delete=False) or mkstemp() ensures that the file is created and opened securely. In contrast, the filename from mktemp() might be used naively in POSIX, such as open(path, "w"). This file might grant read access to everyone depending on the file-mode creation mask (umask). Also, since it neglects to use exclusive mode ("x"), it might open an existing file that grants read-write permission to the world, or maybe it's a symlink.

By default, even naive use of the mktemp() name in Windows remains secure, since every user has a separate temp directory that's only accessible by privileged users such as SYSTEM, Administrators, and Backup Operators (with SeBackupPrivilege and SeRestorePrivilege enabled). The primary issue with a short name is an accidental name collision with another program that's not as careful as Python's tempfile. Using a longer name decreases the chance of this to practically nothing.
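The contrast drawn in this message, as an added example that is not from the thread: the naive mktemp() plus open(path, "w") pattern beside the mkstemp() form, and the exclusive-mode ("x") check against a constructed entry already sitting at the predicted name. It assumes a POSIX filesystem (mode bits and symlinks) and pins the umask so the results are reproducible.

```python
import os
import stat
import tempfile

# Added example, not code from the thread. Assumes a POSIX filesystem; the
# umask is pinned so the permission bits below are reproducible.
os.umask(0o022)


def naive_mktemp_mode():
    """The pattern the thread warns about: mktemp() only returns a name, and
    open(path, "w") then creates the file subject to the umask (0o644 here)."""
    with tempfile.TemporaryDirectory() as d:
        path = tempfile.mktemp(dir=d)
        with open(path, "w") as f:
            f.write("secret")
        return stat.S_IMODE(os.stat(path).st_mode)


def mkstemp_mode():
    """mkstemp() creates and opens the file itself with O_CREAT|O_EXCL and
    mode 0o600, so the umask cannot widen access."""
    with tempfile.TemporaryDirectory() as d:
        fd, path = tempfile.mkstemp(dir=d)
        with os.fdopen(fd, "w") as f:
            f.write("secret")
        return stat.S_IMODE(os.stat(path).st_mode)


def planted_symlink():
    """A constructed symlink already sitting at the predicted name: "w"
    follows it and writes the target, while "x" (O_EXCL) refuses it."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "target")
        path = tempfile.mktemp(dir=d)
        os.symlink(target, path)
        with open(path, "w") as f:      # naive: follows the link
            f.write("secret")
        try:
            open(path, "x").close()     # hardened: refuses an existing entry
            exclusive_refused = False
        except FileExistsError:
            exclusive_refused = True
        return os.path.isfile(target), exclusive_refused
```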
