Author vstinner
Recipients georg.brandl, ncoghlan, neologix, pitrou, vstinner
Date 2014-05-16.09:47:34
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1400233655.44.0.800841081169.issue21515@psf.upfronthosting.co.za>
In-reply-to
Content
"I don't think we can use this by default, or it will break the expected semantics of temporary files under Unix (visible by other processes)."

I proposed to change TemporaryFile, not NamedTemporaryFile. Do you mean that other processes are supposed to have access to the temporary file descriptor? Access through /proc/pid/fd/<tmp_fd>?

O_TMPFILE should increase the security because there is no more race condition between os.open() and os.unlink() (window where an attack can access the file).

My patch uses O_EXCL. It makes possible to use linkat() to create a path for the temporary file (I didn't try it, but I read that it's possible). I don't know if using O_EXCL should be the default.
History
Date User Action Args
2014-05-16 09:47:35vstinnersetrecipients: + vstinner, georg.brandl, ncoghlan, pitrou, neologix
2014-05-16 09:47:35vstinnersetmessageid: <1400233655.44.0.800841081169.issue21515@psf.upfronthosting.co.za>
2014-05-16 09:47:35vstinnerlinkissue21515 messages
2014-05-16 09:47:34vstinnercreate