[Python-Dev] tempfile.mktemp and os.path.exists
Guido van Rossum
guido at python.org
Mon Nov 10 16:30:12 EST 2003
> > Sounds like a good suggestion; I'll see if I can check something in.
> The fix is trivial (IMHO). A patch is attached.
Now there you are wrong, my friend. :-)
> > (However, given that there already exists an attack on this function,
> > does fixing this actually make any difference?)
> Not really, but it is defensive programming (since the module is
> security-oriented). Maybe you want a non-existent name for a block
> device or a pipe (which mkstemp doesn't provide).
I use it all the time for situations where I have to name a file that
an external program is going to create for me.
> I happened to look into the module to see if I can replace some
> hand-written functions with the ones in the module and I saw that
> mktemp() could be improved maybe.
> Iustin Pop
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: attachment; filename="tempfile.patch"
> diff -urN old/tempfile.py new/tempfile.py
> --- old/tempfile.py 2003-11-10 23:07:46.000000000 +0200
> +++ new/tempfile.py 2003-11-10 23:22:57.000000000 +0200
> @@ -338,7 +338,9 @@
> for seq in xrange(TMP_MAX):
> name = names.next()
> file = _os.path.join(dir, prefix + name + suffix)
> - if not _os.path.exists(file):
> + try:
> + _os.lstat(file)
> + except _os.error:
> return file
> raise IOError, (_errno.EEXIST, "No usable temporary filename found")
This fix would break on non-Unix platforms (the module should work
everywhere). Fortunately I already checked something in that *does*
work across platforms. :-)
--Guido van Rossum (home page: http://www.python.org/~guido/)
More information about the Python-Dev