This uses the same precautions when trying to find a temporary
directory as when the actual tempfile is created (using O_CREAT and
O_EXCL). On non-posix platforms, nothing is changed.
The attached patches update the standard library so that all modules
have docstrings beginning with one-line summaries.
A new docstring was added to formatter. The docstring for os.py
was updated to mention nt, os2, ce in addition to posix, dos, mac.
filenames generated are easily predictable, it is possible to trick an
unsuspecting program into overwriting another file by creating a
symbolic link with the predicted name. Fix this by using the
low-level os.open() function with the O_EXCL flag and mode 0700. On
non-Unix platforms, presumably there are no symbolic links so the
problem doesn't exist. The explicit test for Unix (posix, actually)
makes it possible to change the non-Unix logic to work without a
try-except clause.
The mktemp() file is as unsafe as ever.
Guido van Rossum