Message 135615 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	ncoghlan
Recipients	amaury.forgeotdarc, eric.araujo, ncoghlan, neologix, pitrou, planet36, rhettinger, vstinner
Date	2011-05-09.17:06:36
SpamBayes Score	1.5301888e-05
Marked as misclassified	No
Message-id	<1304960797.15.0.858767542488.issue12015@psf.upfronthosting.co.za>
In-reply-to

Content
Oh, you mean the security risk if the temporary names can be guessed? My recollection is that it is more of a problem for temporary directories than it is for temporary files, since the module can't control how files inside a temp directory get created. It's been a long time since I read anything detailed on the threat models and attack scenarios mkstemp() and friends were designed to handle though, so Google may be a better source of answers on that front.

Oh, you mean the security risk if the temporary names can be guessed? My recollection is that it is more of a problem for temporary directories than it is for temporary files, since the module can't control how files inside a temp directory get created. It's been a long time since I read anything detailed on the threat models and attack scenarios mkstemp() and friends were designed to handle though, so Google may be a better source of answers on that front.

History
Date	User	Action	Args
2011-05-09 17:06:37	ncoghlan	set	recipients: + ncoghlan, rhettinger, amaury.forgeotdarc, pitrou, vstinner, eric.araujo, neologix, planet36
2011-05-09 17:06:37	ncoghlan	set	messageid: <1304960797.15.0.858767542488.issue12015@psf.upfronthosting.co.za>
2011-05-09 17:06:36	ncoghlan	link	issue12015 messages
2011-05-09 17:06:36	ncoghlan	create