Security patch for Unix by Chris McDonough.

This uses the same precautions when trying to find a temporary directory as when the actual tempfile is created (using O_CREAT and O_EXCL). On non-posix platforms, nothing is changed.
2000-04-24 13:28:02 +00:00 · 2000-04-24 13:28:02 +00:00 · 00f09b3821
parent bfbf113827
commit 00f09b3821
1 changed files with 21 additions and 7 deletions
--- a/Lib/tempfile.py
+++ b/Lib/tempfile.py
@ -43,6 +43,20 @@ def gettempdir():
    for dir in attempdirs:
        try:
           filename = os.path.join(dir, testfile)
+           if os.name == 'posix':
+               try:
+                   fd = os.open(filename, os.O_RDWR|os.O_CREAT|os.O_EXCL, 0700)
+               except OSError:
+                   pass
+               else:
+                   fp = os.fdopen(fd, 'w')
+                   fp.write('blat')
+                   fp.close()
+                   os.unlink(filename)
+                   del fp, fd
+                   tempdir = dir
+                   break
+           else:
               fp = open(filename, 'w')
               fp.write('blat')
               fp.close()