Author wyz23x2
Recipients ZackerySpytz, wyz23x2
Date 2020-02-27.06:36:28
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1582785388.81.0.167977917758.issue39768@roundup.psfhosted.org>
In-reply-to
Content
Reopen.
1.See https://mail.python.org/pipermail/python-dev/2019-March/156765.html and https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File. It's *serious*.
2.Why not use this to generate a
temporary name that an other program will create/act on?
import secrets
path = f"{x}{secrets.token_hex(n)}" # n is an large int
                                    # x is a path like "/tmp"
# do something...
History
Date User Action Args
2020-02-27 06:36:28wyz23x2setrecipients: + wyz23x2, ZackerySpytz
2020-02-27 06:36:28wyz23x2setmessageid: <1582785388.81.0.167977917758.issue39768@roundup.psfhosted.org>
2020-02-27 06:36:28wyz23x2linkissue39768 messages
2020-02-27 06:36:28wyz23x2create