[Patches] Patch to make tempfile return random filenames
Erno Kuusela
erno@iki.fi
Tue, 23 May 2000 02:06:05 +0300
hello,
(sorry for lack of references header, i was reading
the conversation from the www archives)
quoting Andrew M. Kuchling:
| I think it's worth fixing, but I'm not clear on what the safe way to
| create a temp. file *is*. Has anyone written a clear guide to the
| safe way to open tempfiles?
every time i've needed to do this safely on linux, i have used the
/bin/mktemp program. it promises to do this safely.
upon closer inspection, it appears it just does open
with O_EXCL. maybe it's not worth worrying about nfs,
if someone uses a non-unix filesystem as his
/tmp, this is probably least of his problems...
-- erno
ps. while the security hole is biggest when
root runs it, i also don't want the files of any other
user maliciously altered...
pps. while on the subject of security, i think the
getpass module should raise an exception if it fails to
get the tty into a non-echoing mode. it could fall
back to stty...