tempfile.mktemp() and symlink attacks
Neal Norwitz
neal at metaslash.com
Mon Nov 18 17:02:30 EST 2002
On Mon, 18 Nov 2002 16:04:25 -0500, Aahz wrote:
> [I'm reposting this because nobody followed up to it. I tried doing
> some research because I know there have been changed for Python 2.3, but
> I wasn't able to find the relevant posts on python-dev.]
Search for postings by Zack Weinberg. It was also mentioned in the
DDJ python-list weekly summary.
> In article <3ygu9.105734$La5.330766 at rwcrnsc52.ops.asp.att.net>, Kent Hu
> <kenthu at kenNOSPAMthu.net> wrote:
>>Is using tempfile.mktemp() vulnerable to symlink attacks? The reason I
>>ask is that the documentation for os.tempnam() and os.tmpnam() has
>>warnings about symlink attacks, but the documentation for
>>tempfile.mktemp() does not. Also, running os.tempnam() and os.tmpnam()
>>actually brings a RuntimeWarning, while I tried comparing the
>>implementations, but couldn't find the source for os.tempnam() and
>>os.tmpnam() in os.py (I'm using version 2.2.1).
os.tempnam() and os.tmpnam() come from Modules/posixmodule.c.
So they are as vulnerable as the underlying implementation
(ie, probably vulnerable).
>>Now, if tempfile.mktemp() is vulnerable, I think the docs should say so.
>>And if it's not vulnerable, the docs for os.tempnam() and os.tmpnam()
>>should refer readers to tempfile.mktemp() instead of os.tmpfile(), since
>>tempfile.mktemp() is more functionally similar.
Probably, but it should be caveated that it depends on the underlying
libc. Patches are always welcome.
Neal
More information about the Python-list
mailing list