[Patches] Patch to make tempfile return random filenames
Tim Peters
tim_one@email.msn.com
Sun, 21 May 2000 14:21:03 -0400
[Ragnar Kjørstad]
> This patch changes tempfile to return a random filename. The reason for
> then change is that predictable filenames can be a security-problem,
> because other users can make symlinks thus causing you to overwrite one
> of your own files.
>
> A side-effect is that the filename will be uniq without the need for a
> counter, and thus removing the problem of filenames not beeing uniq
> after a fork.
>
> The filenames would also be uniq without the pid-part, but I left it
> there because it's practical for debugging and such.
-1 from me, for several reasons that run deep:
A) Python's random number generator is as deterministically predictable
as the current counter: this patch adds some obscurity, but not
any security.
B) randint most certainly does not return a unique int across calls.
The Birthday Paradox applies here, assuring that the expected #
of calls before the first duplicate is on the order of just a few
thousand. So the patch takes an algorithm that doesn't repeat, and
turns it into one guaranteed to repeat eventually, and likely to
repeat much sooner.
C) Upon forking, the child gets a clone of the current state
of the random number generator, so parent and child will both
generate *exactly* the same sequence of random #s. In this respect
the patched code behaves the same as the current code.