Question on os.tempnam() vulnerability
Grant Edwards
grante at visi.com
Fri Jan 4 16:08:00 EST 2008
On 2008-01-04, Fredrik Lundh <fredrik at pythonware.com> wrote:
> you get a name instead of a file, so someone else can create that file
> after you've called tempnam/tmpnam, but before you've actually gotten
> around to create the file yourself. which means that anyone on the
> machine might be able to mess with your application's data.
>
> use the functions marked as "safe" in the tempfile module instead.
Under Windows, is there a "safe" way to create a temp file that
has a name that can be passed to a program which will then open
it? I never figured out a way to do that and had to fall back
on the "unsafe" tmpnam method.
--
Grant Edwards grante Yow! I have seen these EGG
at EXTENDERS in my Supermarket
visi.com ... I have read the
INSTRUCTIONS ...
More information about the Python-list
mailing list