[Python-Dev] Remove tempfile.mktemp()

Jeroen Demeyer J.Demeyer at UGent.be
Wed Mar 20 07:53:20 EDT 2019


On 2019-03-20 12:45, Victor Stinner wrote:
> You can watch the /tmp directory using inotify and "discover"
> immediately the "secret" filename, it doesn't depend on the amount of
> entropy used to generate the filename.

That's not the problem. The security issue here is guessing the filename
*before* it's created and putting a different file or symlink in place.

So I actually do think that mktemp() could be made secure by using a
longer name generated by a secure random generator.
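The pre-creation race discussed in this message, as an added example that is not part of the original post: something already sits at the chosen name when the program opens it, and the two ways of opening behave differently. The sandbox directory, file names and helper functions are constructed for illustration, and a POSIX system is assumed.

```python
import os
import secrets
import tempfile


def plain_write(path, data):
    """mktemp()-style use: the name was picked earlier, the file is opened now.
    A plain open() follows a symlink that appeared at `path` in between."""
    with open(path, "w") as f:
        f.write(data)


def exclusive_write(path, data):
    """Create and open in one step. O_EXCL makes the call fail if anything,
    including a symlink, already exists at `path`."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)


def demo():
    """Replay the race inside a private sandbox directory (constructed scenario).
    Returns {label: (outcome, contents of the file the symlink points to)}."""
    results = {}
    with tempfile.TemporaryDirectory() as sandbox:
        protected = os.path.join(sandbox, "protected.txt")
        for label, writer in (("open", plain_write), ("excl", exclusive_write)):
            with open(protected, "w") as f:
                f.write("original")
            name = os.path.join(sandbox, "tmp" + secrets.token_hex(16))
            # Stands in for another process that got to the name first.
            os.symlink(protected, name)
            try:
                writer(name, "temp data")
                outcome = "written"
            except FileExistsError:
                outcome = "refused"
            with open(protected) as f:
                results[label] = (outcome, f.read())
            os.unlink(name)
    return results


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

`tempfile.mkstemp()` and `tempfile.NamedTemporaryFile()` perform this exclusive creation themselves and hand back an already-open file.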

