Author Yusuke Endoh
Recipients Yusuke Endoh
Date 2018-11-19.12:46:03
Message-id <1542631563.19.0.788709270274.issue35278@psf.upfronthosting.co.za>
Content
Hello,

The tempfile library does not check the prefix argument, which can be exploited to create files outside tmpdir by using directory traversal.

```
>>> import tempfile
>>> tempfile.gettempprefix()
'tmp'
>>> f = tempfile.NamedTemporaryFile(prefix="/home/mame/cracked")
>>> f.name
'/home/mame/crackedlt3y_ddm'
```

The same issue was found and treated as a vulnerability in PHP (CVE-2006-1494) and Ruby (CVE-2018-6914).

I first reported this issue to security@python.org in July 2018. Some people kindly discussed it, and finally I was told to create a ticket here.
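
A caller-side guard for the behaviour reported above, as an added example that is not part of the original message or of CPython. `escapes_dir` and `safe_named_tempfile` are hypothetical helper names; the check assumes the file name is formed by joining the directory with prefix + random part + suffix, and it also covers `..` components and the suffix argument, which the report does not show.

```python
import os
import tempfile

PLACEHOLDER = "XXXXXXXX"  # stands in for the random part of the generated name


def escapes_dir(directory, prefix="tmp", suffix=""):
    """Return True if prefix/suffix would place the file outside `directory`."""
    directory = os.path.realpath(directory)
    # os.path.join discards `directory` when the second argument is absolute,
    # and normpath collapses any ".." components the prefix or suffix carries.
    candidate = os.path.join(directory, prefix + PLACEHOLDER + suffix)
    return os.path.dirname(os.path.normpath(candidate)) != directory


def safe_named_tempfile(prefix="tmp", suffix="", dir=None, **kwargs):
    """NamedTemporaryFile that refuses a prefix or suffix leading out of `dir`."""
    directory = os.path.realpath(dir or tempfile.gettempdir())
    if escapes_dir(directory, prefix, suffix):
        raise ValueError(f"prefix/suffix leaves {directory!r}: {prefix!r}, {suffix!r}")
    f = tempfile.NamedTemporaryFile(prefix=prefix, suffix=suffix,
                                    dir=directory, **kwargs)
    # Defence in depth: confirm where the file was actually created.
    if os.path.dirname(os.path.realpath(f.name)) != directory:
        f.close()
        raise ValueError("temporary file landed outside the requested directory")
    return f


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        # Constructed inputs: the prefix from the report plus relative variants.
        for prefix in ("/home/mame/cracked", "../cracked", "sub/", "upload-"):
            print(f"{prefix!r:24} escapes={escapes_dir(d, prefix)}")
        with safe_named_tempfile(prefix="upload-", suffix=".bin", dir=d) as f:
            print("created", f.name)
```
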