[Patches] Patch to make tempfile return random filenames
Mon, 22 May 2000 14:13:19 -0700 (PDT)
>>>>> "AMK" == Andrew M Kuchling <firstname.lastname@example.org> writes:
AMK> I think it's worth fixing, but I'm not clear on what the safe
AMK> way to create a temp. file *is*. Has anyone written a clear
AMK> guide to the safe way to open tempfiles?
I just poked around the bugtraq list for a minute. Found one
discussion of a tempfile vulnerability:
The approach the L0phtCrack folks took was to create tempfiles in a
directory owned by the application where other users couldn't create
symlinks. This is a much better approach than trying to produce
hard-to-guess temp filenames in a shared directory.
-1 on "fixing" the tempfile module
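
The private-directory approach described in the message above, as an added example that is not part of the original post or of the tempfile module: it assumes current Python on a POSIX system, and the function names, the "app-private-" prefix and the file name are made up for illustration.

```python
import os
import stat
import tempfile


def check_private_dir(path):
    """Reject a directory that other users could write into or replace."""
    st = os.lstat(path)  # lstat: a symlink planted at `path` is not followed
    if not stat.S_ISDIR(st.st_mode):
        raise PermissionError(f"{path} is not a real directory")
    if st.st_uid != os.geteuid():
        raise PermissionError(f"{path} is owned by uid {st.st_uid}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible to group or other")


def make_private_dir(parent=None):
    """Create a directory only the current user can enter (mkdtemp uses 0700)."""
    # "app-private-" is a made-up prefix for this example.
    path = tempfile.mkdtemp(prefix="app-private-", dir=parent)
    check_private_dir(path)
    return path


def create_temp_file(private_dir, name, data):
    """Create `name` inside the private directory; never reuse an existing entry."""
    check_private_dir(private_dir)
    if os.path.basename(name) != name or name in ("", ".", ".."):
        raise ValueError("name must be a plain file name")
    path = os.path.join(private_dir, name)
    # O_EXCL fails if anything, including a dangling symlink, already has this name.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


if __name__ == "__main__":
    d = make_private_dir()
    print(create_temp_file(d, "scratch.dat", b"constructed sample data"))
```

Because the directory is mode 0700 and owned by the caller, file names inside it can be fixed and predictable; the directory check is what carries the protection.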