[Python-Dev] tempfile.mktemp and os.path.exists

Guido van Rossum guido at python.org
Sun Nov 9 21:11:57 EST 2003


> Hello,
> 
> The tempfile.mktemp function uses os.path.exists to test whether a file
> already exists. Since this returns false for broken symbolic links,
> wouldn't it be better if the function would actually do an os.lstat on
> the filename?
> 
> I know the function is not safe by definition, but this issue could
> (with a low probability) cause the file to actually be created in
> another directory, as the non-existent target of the symlink, instead of
> in the given directory (the one in which the symlink resides).
> 
> Regards,
> Iustin Pop

Sounds like a good suggestion; I'll see if I can check something in.

(However, given that there already exists an attack on this function,
does fixing this actually make any difference?)

--Guido van Rossum (home page: http://www.python.org/~guido/)
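
The behaviour discussed in this thread, as an added example that is not part of the original messages or of the tempfile module: it compares `os.path.exists` with an lstat-based check on a dangling symlink, then shows that an exclusive create (`O_CREAT | O_EXCL`) refuses the name while a plain `open()` follows the link into the other directory. It assumes a POSIX system where the user may create symlinks; all directory and file names are constructed for the demonstration.

```python
import os
import tempfile


def check_dangling_symlink():
    """Report how existence tests and creation modes treat a dangling symlink."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        given_dir = os.path.join(base, "given")  # directory the caller intended
        other_dir = os.path.join(base, "other")  # directory the link points into
        os.mkdir(given_dir)
        os.mkdir(other_dir)

        candidate = os.path.join(given_dir, "tmpname")  # constructed candidate name
        target = os.path.join(other_dir, "target")      # does not exist yet
        os.symlink(target, candidate)

        # exists() follows the link (stat); lexists() inspects the link (lstat).
        results["exists"] = os.path.exists(candidate)
        results["lexists"] = os.path.lexists(candidate)

        # Exclusive creation fails with EEXIST because the link itself exists,
        # so the check and the creation happen in one atomic step.
        try:
            fd = os.open(candidate, os.O_RDWR | os.O_CREAT | os.O_EXCL, 0o600)
            os.close(fd)
            results["excl_create_refused"] = False
        except FileExistsError:
            results["excl_create_refused"] = True

        # A plain open() follows the link and creates the file at its target.
        with open(candidate, "w") as handle:
            handle.write("data")
        results["created_in_other_dir"] = os.path.isfile(target)
        results["given_dir_entry_is_link"] = os.path.islink(candidate)
    return results


if __name__ == "__main__":
    for key, value in check_dangling_symlink().items():
        print(f"{key}: {value}")
```

An lstat-based check closes the dangling-link gap, but any check made before a separate open can still be raced; only the exclusive create performs both in a single step.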


