[Python-Dev] Concerns about tempfile.mktemp()

[Matt Wilson]

Right, but this isn't the problem that I'm describing.  Because mktemp
just return a "checked" filename, it is vulnerable to symlink attacks.
Python programs run as root have a small window of opportunity between
when mktemp checks for the existence of the temp file and when the
function calling mktemp actually uses it.

So, it's hostile out-of-process attacks I'm worrying about, and the
recent CVS changes don't address that.

Cheers,

Matt

On Mon, Mar 12, 2001 at 09:07:46PM -0500, Tim Peters wrote:
> 
> Adding to what Guido said, the 2.1 mktemp() finally bites the bullet and uses
> a mutex to ensure that no two threads (within a process) can ever generate
> the same filename.  The 2.0 mktemp() was indeed subject to races in this
> respect.  Freedom from cross-process races relies on using the pid in the
> filename too.