Message330097
Hello,
The tempfile library does not check the prefix argument, which can be exploited to create files outside tmpdir by using directory traversal.
```
>>> import tempfile
>>> tempfile.gettempprefix()
'tmp'
>>> f = tempfile.NamedTemporaryFile(prefix="/home/mame/cracked")
>>> f.name
'/home/mame/crackedlt3y_ddm'
```
The same issue was found and treated as a vulnerability in PHP (CVE-2006-1494) and Ruby (CVE-2018-6914).
I first reported this issue to security@python.org at July 2018. Some people kindly discussed it, and finally I was told to create a ticket here. |
|
Date |
User |
Action |
Args |
2018-11-19 12:46:03 | Yusuke Endoh | set | recipients:
+ Yusuke Endoh |
2018-11-19 12:46:03 | Yusuke Endoh | set | messageid: <1542631563.19.0.788709270274.issue35278@psf.upfronthosting.co.za> |
2018-11-19 12:46:03 | Yusuke Endoh | link | issue35278 messages |
2018-11-19 12:46:03 | Yusuke Endoh | create | |
|