Question on os.tempnam() vulnerability
"Martin v. Löwis"
martin at v.loewis.de
Sat Jan 5 12:05:13 EST 2008
> That's an answer, though not for the question I asked.
I think you'll have to pose a complete question again,
rather than "how do I do that", if you want to get an
answer to your question.
> Not really. Under Unix you can safely create a temp file with
> a name that can be used to open the file. I asked about a way
> to do that under Windows as well.
Assuming you are still talking about
" is there a "safe" way to create a temp file that
has a name that can be passed to a program which will then open
it?"
then also on Unix, the answer is: no, that's not possible.
I assume you are asking about a scenario such as:
a) the parent process creates a file
b) the parent process closes its handle to the file
c) the parent process creates a child process passing
the file name
d) the child process opens the file, and is certain that it
is still the same file
then this sequence cannot be implemented on Unix, either - another
process may remove the file and create a new one between b and d.
Regards,
Martin
More information about the Python-list
mailing list