[Patches] Patch to make tempfile return random filenames

Ragnar Kjørstad ragnark@vestdata.no
Sun, 21 May 2000 21:43:23 +0200


On Sun, May 21, 2000 at 02:21:03PM -0400, Tim Peters wrote:
> [Ragnar Kjørstad]
> > This patch changes tempfile to return a random filename. The reason for
> > the change is that predictable filenames can be a security problem,
> > because other users can make symlinks, thus causing you to overwrite one
> > of your own files.
> 
> -1 from me, for several reasons that run deep:
> 
> A) Python's random number generator is as deterministically predictable
>    as the current counter:  this patch adds some obscurity, but not
>    any security.
> 
> B) randint most certainly does not return a unique int across calls.
>    The Birthday Paradox applies here, assuring that the expected #
>    of calls before the first duplicate is on the order of just a few
>    thousand.  So the patch takes an algorithm that doesn't repeat, and
>    turns it into one guaranteed to repeat eventually, and likely to
>    repeat much sooner.
> 
> C) Upon forking, the child gets a clone of the current state
>    of the random number generator, so parent and child will both
>    generate *exactly* the same sequence of random #s.  In this respect
>    the patched code behaves the same as the current code.

These are good arguments to keep the counter and improve the
random part (using a seed and maybe a bigger number), but they are not
arguments that there should not be a random part.



-- 
Ragnar Kjørstad
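
Added example, not part of the original message or of the patch under discussion: Python code illustrating points B and C above and the counter-plus-random naming suggested in the reply, with the file created using O_EXCL so that a name already occupied by a symlink is refused. The function names are hypothetical, the seed is constructed, and `os.fork` assumes a POSIX system.

```python
import itertools, math, os, random

_counter = itertools.count()  # per-process counter, as in the scheme under discussion

def expected_draws_before_repeat(n):
    """Birthday bound (point B): mean draws from n equally likely values
    before the first duplicate, approximately sqrt(pi * n / 2)."""
    return math.sqrt(math.pi * n / 2)

def child_repeats_parent(seed=12345):
    """Point C: a forked child inherits the parent's PRNG state.
    A private Random instance is used because CPython 3.7+ reseeds only the
    module-level generator in the child; instances are still cloned as-is."""
    rng = random.Random(seed)          # constructed seed
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:                       # child: report its next "random" number
        os.write(w, str(rng.randint(0, 10**9)).encode())
        os._exit(0)
    os.close(w)
    child_value = int(os.read(r, 64))
    os.close(r)
    os.waitpid(pid, 0)
    return rng.randint(0, 10**9) == child_value

def create_private_temp(directory, prefix="tmp"):
    """Counter + pid keep names distinct; os.urandom (kernel randomness, not
    shared PRNG state) makes them hard to guess; O_EXCL refuses any name that
    already exists, including a symlink planted by another user."""
    flags = os.O_RDWR | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    while True:
        name = "%s%d_%d_%s" % (prefix, os.getpid(), next(_counter),
                               os.urandom(8).hex())
        path = os.path.join(directory, name)
        try:
            return os.open(path, flags, 0o600), path
        except FileExistsError:
            continue                   # taken or planted: try the next name
```

The random component only has to defeat guessing; uniqueness comes from the counter and the retry loop, so a birthday collision costs one extra attempt instead of an overwrite.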