Question on os.tempnam() vulnerability
Fredrik Lundh
fredrik at pythonware.com
Sat Jan 5 12:07:31 EST 2008
Grant Edwards wrote:
>> IOW, it's the same approach as on Unix.
>
> Not really. Under Unix you can safely create a temp file with
> a name that can be used to open the file.
Unless I'm missing something, it's not possible to do this in a safe
way in the shared temp directory; you can do that only by creating a
file in a directory that's under full control of your user.
And *that* approach works on Windows as well, of course.
</F>
More information about the Python-list
mailing list