From dce3d5502e5498615362cd4edd9c81bc0de3036a Mon Sep 17 00:00:00 2001
From: Guido van Rossum <guido@python.org>
Date: Sat, 24 Oct 1998 01:34:45 +0000
Subject: [PATCH] The TemporaryFile() function has a security leak -- because
 the filenames generated are easily predictable, it is possible to trick an
 unsuspecting program into overwriting another file by creating a symbolic
 link with the predicted name.  Fix this by using the low-level os.open()
 function with the O_EXCL flag and mode 0700.  On non-Unix platforms,
 presumably there are no symbolic links so the problem doesn't exist.  The
 explicit test for Unix (posix, actually) makes it possible to change the
 non-Unix logic to work without a try-except clause.

The mktemp() file is as unsafe as ever.
---
 Lib/tempfile.py | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/Lib/tempfile.py b/Lib/tempfile.py
index 6a2730a892a..140eebccf91 100644
--- a/Lib/tempfile.py
+++ b/Lib/tempfile.py
@@ -126,11 +126,12 @@ class TemporaryFileWrapper:
 
 def TemporaryFile(mode='w+b', bufsize=-1, suffix=""):
     name = mktemp(suffix)
-    file = open(name, mode, bufsize)
-    try:
+    if os.name == 'posix':
+        # Unix -- be very careful
+        fd = os.open(name, os.O_RDWR|os.O_CREAT|os.O_EXCL, 0700)
         os.unlink(name)
-    except os.error:
-        # Non-unix -- can't unlink file that's still open, use wrapper
-        return TemporaryFileWrapper(file, name)
+        return os.fdopen(fd, mode, bufsize)
     else:
-        return file
+        # Non-unix -- can't unlink file that's still open, use wrapper
+        file = open(name, mode, bufsize)
+        return TemporaryFileWrapper(file, name)