[Python-Dev] tempfile.mktemp and os.path.exists
Guido van Rossum
guido at python.org
Sun Nov 9 21:11:57 EST 2003
> Hello,
>
> The tempfile.mktemp function uses os.path.exists to test whether a file
> already exists. Since this returns false for broken symbolic links,
> wouldn't it be better if the function would actually do an os.lstat on
> the filename?
>
> I know the function is not safe by definition, but this issue could
> (with a low probability) cause the file to actually be created in
> another directory, as the non-existent target of the symlink, instead of
> in the given directory (the one in which the symlink resides).
>
> Regards,
> Iustin Pop
Sounds like a good suggestion; I'll see if I can check something in.
(However, given that there already exists an attack on this function,
does fixing this actually make any difference?)
--Guido van Rossum (home page: http://www.python.org/~guido/)
More information about the Python-Dev
mailing list