how to write a line in a text file

[Steven D'Aprano]

On Mon, 25 Jul 2005 20:51:42 +0100, Steve Holden wrote:

> In Python you can use a text file's readlines() method to build a list 
> of all the lines in a file. That makes it quite easy to change numbered 
> lines. Having modified the file's content in memory you can then create 
> a new file using the writelines() method of a new file. The trick is to 
> avoid losing both the old and the new files when a low-probability crash 
> occurs.

I'm usually opposed to creeping featuritis in programming languages ("it
would be really cool if Python had a built-in command to do my entire
application") but safe over-writing of files does cry out for a "batteries
included" approach:

- it is a common usage;
- it is tricky to get right;
- it is even trickier to get right in a platform independent way;
- and it is even trickier again to get right in a platform independent way
that doesn't introduce security risks.

The normal trick is to do something like:

read file A;
write temporary file B without clobbering any existing B;
rename file A to C;
rename B to A;
delete C when you know the writing and renaming has succeeded;
and do it all in such a way that it succeeds even if there is very little
available disk-space.

The platform-independence comes from the fact that different OSes expect
the temporary files to live in different places (eg /tmp/ under Linux).
Most operating systems consider it poor form to just write temporary files
any old place.

I'm told by those who claim to know what they're talking about that a
potential risk exists if an attacker can predict the temporary file name
and thus do nefarious things. The exact nature of those nefarious things
was not explained to me, but I do recall the occasional security advisory
for applications which use insufficiently-random temporary file names.

Does anyone have anything suitable for a "safe-overwrite" module?

-- 
Steven.