Make a unique filesystem path, without creating the file
Mario R. Osorio
nimbiotics at gmail.com
Mon Feb 15 23:46:18 EST 2016
I would create a RAM disk (http://www.cyberciti.biz/faq/howto-create-linux-ram-disk-filesystem/), generate all the path/files I want with any, or my own algorithm, run the tests, unmount it, destroy it, be happy ... Whats wrong with that?? AFAIK, RAM disks do not get logged, and even if they do, any "insecure" file created would also be gone.
On Sunday, February 14, 2016 at 4:46:42 PM UTC-5, Ben Finney wrote:
> Howdy all,
> How should a program generate a unique filesystem path and *not* create
> the filesystem entry?
> The 'tempfile.mktemp' function is strongly deprecated, and rightly so
> because it leaves the program vulnerable to insecure file creation.
> In some code (e.g. unit tests) I am calling 'tempfile.mktemp' to
> generate a unique path for a filesystem entry that I *do not want* to
> exist on the real filesystem. In this case the filesystem security
> concerns are irrelevant because there is no file.
> The deprecation of that function is a concern still, because I don't
> want code that makes every conscientious reader need to decide whether
> the code is a problem. Instead the code should avoid rightly-deprecated
> It is also prone to that API function disappearing at some point in the
> future, because it is explicitly and strongly deprecated.
> So I agree with the deprecation, but the library doesn't appear to
> provide a replacement.
> What standard library function should I be using to generate
> 'tempfile.mktemp'-like unique paths, and *not* ever create a real file
> by that path?
> \ "If you have the facts on your side, pound the facts. If you |
> `\ have the law on your side, pound the law. If you have neither |
> _o__) on your side, pound the table." --anonymous |
> Ben Finney
More information about the Python-list