Author Yusuke Endoh
Recipients Yusuke Endoh
Date 2018-11-19.12:46:03
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1542631563.19.0.788709270274.issue35278@psf.upfronthosting.co.za>
In-reply-to
Content
Hello,

The tempfile library does not check the prefix argument, which can be exploited to create files outside tmpdir by using directory traversal.

```
>>> import tempfile
>>> tempfile.gettempprefix()
'tmp'
>>> f = tempfile.NamedTemporaryFile(prefix="/home/mame/cracked")
>>> f.name
'/home/mame/crackedlt3y_ddm'
```

The same issue was found and treated as a vulnerability in PHP (CVE-2006-1494) and Ruby (CVE-2018-6914).

I first reported this issue to security@python.org at July 2018.  Some people kindly discussed it, and finally I was told to create a ticket here.
History
Date User Action Args
2018-11-19 12:46:03Yusuke Endohsetrecipients: + Yusuke Endoh
2018-11-19 12:46:03Yusuke Endohsetmessageid: <1542631563.19.0.788709270274.issue35278@psf.upfronthosting.co.za>
2018-11-19 12:46:03Yusuke Endohlinkissue35278 messages
2018-11-19 12:46:03Yusuke Endohcreate