[Python-Dev] Concerns about tempfile.mktemp()
Tim Peters
tim.one@home.com
Mon, 12 Mar 2001 21:07:46 -0500
[Matt Wilson]
> We've been auditing various code lately to check for /tmp races and so
> on. It seems that tempfile.mktemp() is used throughout the Python
> library. While nice and portable, tempfile.mktemp() is vulnerable to
> races.
> ...
Adding to what Guido said, the 2.1 mktemp() finally bites the bullet and uses
a mutex to ensure that no two threads (within a process) can ever generate
the same filename. The 2.0 mktemp() was indeed subject to races in this
respect. Freedom from cross-process races relies on using the pid in the
filename too.