mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-09-03 15:31:08 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

The TemporaryFile() function has a security leak -- because the

Browse source 
filenames generated are easily predictable, it is possible to trick an
unsuspecting program into overwriting another file by creating a
symbolic link with the predicted name.  Fix this by using the
low-level os.open() function with the O_EXCL flag and mode 0700.  On
non-Unix platforms, presumably there are no symbolic links so the
problem doesn't exist.  The explicit test for Unix (posix, actually)
makes it possible to change the non-Unix logic to work without a
try-except clause.

The mktemp() file is as unsafe as ever.
This commit is contained in:
Guido van Rossum 1998-10-24 01:34:45 +00:00
parent 39926e4bba
commit dce3d5502e
1 changed files with 7 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

13
Lib/tempfile.py
View file

@ -126,11 +126,12 @@ class TemporaryFileWrapper:
def TemporaryFile(mode='w+b', bufsize=-1, suffix=""): def TemporaryFile(mode='w+b', bufsize=-1, suffix=""):
name = mktemp(suffix) name = mktemp(suffix)
file = open(name, mode, bufsize) if os.name == 'posix':
try: # Unix -- be very careful
fd = os.open(name, os.O_RDWR|os.O_CREAT|os.O_EXCL, 0700)
os.unlink(name) os.unlink(name)
except os.error: return os.fdopen(fd, mode, bufsize)
# Non-unix -- can't unlink file that's still open, use wrapper
return TemporaryFileWrapper(file, name)
else: else:
return file # Non-unix -- can't unlink file that's still open, use wrapper
file = open(name, mode, bufsize)
return TemporaryFileWrapper(file, name)