[Python-3000] Support for newline and encoding arguments to open in tempfile module, also mktemp deprecation

[Guido van Rossum]

On 8/26/07, Adam Hupp <adam at hupp.org> wrote:
> It would be useful to support 'newline' and 'encoding' arguments in
> tempfile.TemporaryFile and friends.  These new arguments would be
> passed directly into io.open.  I've uploaded a patch for this to:
>
> http://bugs.python.org/issue1033
>
> The 'bufsize' argument to os.fdopen has changed to 'buffering' so I
> went ahead and made the same change to TemporaryFile etc.  Is this a
> desirable?

Hm, why not just create the temporary file in binary mode and wrap an
io.TextIOWrapper instance around it?

> While in tempfile, I noticed that tempfile.mktemp() has the following comment:
>
> "This function is unsafe and should not be used."
>
> The docs list it as "Deprecated since release 2.3".  Should it be
> removed in py3k?

I personally think the deprecation was an overreaction to the security
concerns. People avoid the warning by calling mkstemp() but then just
close the file descriptor and use the filename anyway; that's just as
unsafe, but often there's just no other way. I say, remove the
deprecation.

The attack on mktemp() is much less likely because the name is much
more random anyway.

(If you haven't heard of the attack: another process could guess the
name of the tempfile and quickly replacing it with a symbolic link
pointing to a file owned by the user owning the process, e.g.
/etc/passwd, which will then get overwritten. This is because /tmp is
writable by anyone. It works for non-root users too, to some extent.)

-- 
--Guido van Rossum (home page: http://www.python.org/~guido/)