[issue39768] remove tempfile.mktemp()
wyz23x2
report at bugs.python.org
Thu Feb 27 01:36:28 EST 2020
wyz23x2 <wyz23x2 at 163.com> added the comment:
Reopen.
1.See https://mail.python.org/pipermail/python-dev/2019-March/156765.html and https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File. It's *serious*.
2.Why not use this to generate a
temporary name that an other program will create/act on?
import secrets
path = f"{x}{secrets.token_hex(n)}" # n is an large int
# x is a path like "/tmp"
# do something...
----------
resolution: duplicate ->
status: closed -> open
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue39768>
_______________________________________
More information about the Python-bugs-list
mailing list