[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Python-Dev] Remove tempfile.mktemp()


I would prefer to keep tempfile.mktemp(), remove the deprecation, but
better explain the risk of race condition affecting security.

Le mar. 19 mars 2019 ? 14:41, Chris Angelico <rosuav at gmail.com> a ?crit :
> Can't you create a NamedTemporaryFile and permit the other program to
> use it? I just tried that (with TiMidity, even though it's quite
> capable of just writing to stdout) and it worked fine.

When I write tests, I don't really care of security, but
NamedTemporaryFile caused me many troubles on Windows: you cannot
delete a file if it's still open in a another program. It's way more
convenient to use tempfile.mktemp().

O_EXCL, open(tmpname, "wx"), os.open(tmpname, os.O_CREAT | os.O_EXCL |
os.O_WRONLY), etc. can be used to get an error if the file already

I agree that for production code where security matters,
tempfile.mktemp() must be avoided. But I would prefer to keep it for

"with NamedTemporaryFile() as tmp: name = tmp.name" isn't a great
replacement for tempfile.mktemp(): it creates the file and it opens
it, whereas I only want a file name and be the first file to create
and open it.