[Python-Dev] Remove tempfile.mktemp()

Paul Moore p.f.moore at gmail.com
Tue Mar 19 13:03:38 EDT 2019


On Tue, 19 Mar 2019 at 16:47, Sebastian Rittau <srittau at rittau.biz> wrote:
> But I had another thought: If I understand correctly, the exploitability
> of mktemp() relies on the fact that between determining whether the
> file exists and creation an attacker can create the file themselves.
> Couldn't this problem be solved by generating a filename of sufficient
> length using the secrets module? This way the filename should be
> "unguessable" and safe.

IMO, there's not much point trying to "fix" mktemp(). The issues with
it are clear and there are far better alternatives already available
for people who need them. The question here is simply about removing
the function "because people might mistakenly use it and create
security risks".

Personally, I don't think we should break the code of people who are
using mktemp() correctly, in awareness of its limitations, just out of
some idea of protecting people from themselves. Certainly we should
provide safe library functions wherever possible, but we should have
better reasons for removing functions that have been around for many,
many years than just "people might be using it wrongly".

Paul
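
An added example, not part of the original message or of CPython's own code: it shows the window between the existence check and the creation that the quoted text describes, next to atomic creation with `os.O_EXCL` and `tempfile.mkstemp()`. The competing writer is simulated in-process, and the helper name `claim_exclusively` is hypothetical.

```python
import os
import tempfile


def claim_exclusively(path):
    """Hypothetical helper: create path atomically, failing if it already exists."""
    # O_CREAT | O_EXCL makes the existence check and the creation a single
    # operation, and also refuses a symlink sitting at that name.
    return os.open(path, os.O_RDWR | os.O_CREAT | os.O_EXCL, 0o600)


def demo():
    results = {}
    with tempfile.TemporaryDirectory() as workdir:
        # mktemp() returns a name that did not exist when it checked; nothing
        # is created, so the name stays unclaimed until the caller opens it.
        name = tempfile.mktemp(dir=workdir)
        results["name_free_at_return"] = not os.path.exists(name)

        # Constructed stand-in for another process creating the file inside
        # the window between the check and the caller's own open().
        with open(name, "w") as other:
            other.write("created by someone else\n")

        # A plain open() succeeds without complaint, so the caller ends up
        # writing into a file it did not create and cannot tell.
        with open(name, "a") as f:
            f.write("caller data\n")
        with open(name) as f:
            first_line = f.readline()
        results["plain_open_reused_foreign_file"] = first_line.startswith("created by")

        # Exclusive creation reports the collision instead.
        try:
            os.close(claim_exclusively(name))
            results["excl_open_noticed"] = False
        except FileExistsError:
            results["excl_open_noticed"] = True

        # mkstemp() picks the name and creates the file in one step,
        # returning an already-open descriptor.
        fd, path = tempfile.mkstemp(dir=workdir)
        results["mkstemp_created"] = os.path.exists(path)
        os.close(fd)
    return results


if __name__ == "__main__":
    print(demo())
```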

