Security patch for Unix by Chris McDonough.

This uses the same precautions when trying to find a temporary directory as when the actual tempfile is created (using O_CREAT and O_EXCL). On non-posix platforms, nothing is changed.
2000-04-24 13:28:02 +00:00 · 2000-04-24 13:28:02 +00:00 · 00f09b3821
parent bfbf113827
commit 00f09b3821
1 changed files with 21 additions and 7 deletions
--- a/Lib/tempfile.py
+++ b/Lib/tempfile.py
@ -42,13 +42,27 @@ def gettempdir():
    testfile = gettempprefix() + 'test'
    for dir in attempdirs:
        try:
-            filename = os.path.join(dir, testfile)
-            fp = open(filename, 'w')
-            fp.write('blat')
-            fp.close()
-            os.unlink(filename)
-            tempdir = dir
-            break
+           filename = os.path.join(dir, testfile)
+           if os.name == 'posix':
+               try:
+                   fd = os.open(filename, os.O_RDWR|os.O_CREAT|os.O_EXCL, 0700)
+               except OSError:
+                   pass
+               else:
+                   fp = os.fdopen(fd, 'w')
+                   fp.write('blat')
+                   fp.close()
+                   os.unlink(filename)
+                   del fp, fd
+                   tempdir = dir
+                   break
+           else:
+               fp = open(filename, 'w')
+               fp.write('blat')
+               fp.close()
+               os.unlink(filename)
+               tempdir = dir
+               break
        except IOError:
            pass
    if tempdir is None: