[New-bugs-announce] [issue20447] doctest.debug_script: insecure use of /tmp
Jakub Wilk
report at bugs.python.org
Thu Jan 30 15:03:45 CET 2014
New submission from Jakub Wilk:
The doctest.debug_script function creates temporary files in an insecure way:
srcfilename = tempfile.mktemp(".py", "doctestdebug")
f = open(srcfilename, 'w')
This is already fixed for Python >= 3.2, although for reasons other than security: issue12451
----------
components: Library (Lib)
messages: 209717
nosy: jwilk
priority: normal
severity: normal
status: open
title: doctest.debug_script: insecure use of /tmp
type: security
versions: Python 2.7, Python 3.1
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue20447>
_______________________________________
More information about the New-bugs-announce
mailing list