Title: doctest.debug_script: insecure use of /tmp
Type: security Stage: resolved
Components: Library (Lib) Versions: Python 3.1, Python 2.7
Status: closed Resolution: out of date
Dependencies: Superseder:
Assigned To: Nosy List: berker.peksag, jwilk
Priority: normal Keywords:

Created on 2014-01-30 14:03 by jwilk, last changed 2016-04-28 04:10 by berker.peksag. This issue is now closed.

Messages (2)
msg209717 - (view) Author: Jakub Wilk (jwilk) Date: 2014-01-30 14:03
The doctest.debug_script function creates temporary files in an insecure way:

    srcfilename = tempfile.mktemp(".py", "doctestdebug")
    f = open(srcfilename, 'w')

This is already fixed for Python >= 3.2, although for reasons other than security: issue12451
msg264408 - (view) Author: Berker Peksag (berker.peksag) * (Python committer) Date: 2016-04-28 04:10
3.1 is now EOL:
Date User Action Args
2016-04-28 04:10:22berker.peksagsetstatus: open -> closed

nosy: + berker.peksag
messages: + msg264408

resolution: out of date
stage: resolved
2014-01-30 14:03:45jwilkcreate