[Tutor] Can tempfile.NamedTemporaryFile(delete=False) be used to create *permanent* uniquely named files?
cs at cskk.id.au
Tue Oct 23 07:49:52 EDT 2018
On 23Oct2018 11:24, Peter Otten <__peter__ at web.de> wrote:
>Cameron Simpson wrote:
>> The doco for mktemp (do not use! use mkstemp or the
>> classes instead!) explicitly mentions using delete=False.
>Well, "permanent temporary file" does sound odd.
>By the way, NamedTemporaryFile returns a proxy instead of the file itself.
>In some rare cases that could be a problem.
>Would mktemp() really be dangerous if you used it like this,
> for _retry in range(3):
> filename = mktemp("game_", ".json", dir=directory)
> return open(filename, "x")
> except FileExistsError:
> raise FileExistsError
>with the "x" mode?
In terms of a race, maybe not. But in terms of security? Probably.
Consider: the issue with mktemp is that it can be switched out before
Alice: mktemp() -> filename
Mallory: guess filename, put a symlink there pointing at a file which
doesn't exist, but which has an effect if it does. For example, in
ancient windows, an autorun.ini file. Or cooler, on UNIX, a file in
Alice: write to filename, not accidentally _creating_ the target of the
symlink, now writing a file somewhere unwanted.
Now, the examples above pretend that Alice has root privileges so that
Mallory affects a root run system. But for Alice, it is just as bad if
Mallory just subverts her personal account via some other pathname.
Also, there's the issue of privacy: open(), in your example, will use
the default umask, which may be more open than one wants. And so on...
Cameron Simpson <cs at cskk.id.au>
More information about the Tutor