[New-bugs-announce] [issue20447] doctest.debug_script: insecure use of /tmp

Jakub Wilk report at bugs.python.org
Thu Jan 30 15:03:45 CET 2014

New submission from Jakub Wilk:

The doctest.debug_script function creates temporary files in an insecure way:

    srcfilename = tempfile.mktemp(".py", "doctestdebug")
    f = open(srcfilename, 'w')

This is already fixed for Python >= 3.2, although for reasons other than security: issue12451

components: Library (Lib)
messages: 209717
nosy: jwilk
priority: normal
severity: normal
status: open
title: doctest.debug_script: insecure use of /tmp
type: security
versions: Python 2.7, Python 3.1

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list