[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Python-Dev] Remove tempfile.mktemp()

On Tue, 19 Mar 2019 at 16:47, Sebastian Rittau <srittau at rittau.biz> wrote:
> But I had another thought: If I understand correctly, the exploitability
> of mktemp() relies on the fact that between determining whether the
> file exists and creation an attacker can create the file themselves.
> Couldn't this problem be solved by generating a filename of sufficient
> length using the secrets module? This way the filename should be
> "unguessable" and safe.

IMO, there's not much point trying to "fix" mktemp(). The issues with
it are clear and there are far better alternatives already available
for people who need them. The question here is simply about removing
the function "because people might mistakenly use it and create
security risks".

Personally, I don't think we should break the code of people who are
using mktemp() correctly, in awareness of its limitations, just out of
some idea of protecting people from themselves. Certainly we should
provide safe library functions wherever possible, but we should have
better reasons for removing functions that have been around for many,
many years than just "people might be using it wrongly".