Security patch for Unix by Chris McDonough.

This uses the same precautions when trying to find a temporary directory as when the actual tempfile is created (using O_CREAT and O_EXCL). On non-posix platforms, nothing is changed.

Security patch for Unix by Chris McDonough.
This uses the same precautions when trying to find a temporary directory as when the actual tempfile is created (using O_CREAT and O_EXCL). On non-posix platforms, nothing is changed.
00f09b38 · Guido van Rossum · bfbf1138 · 00f09b38
Kaydet (Commit) 00f09b38 authored Nis 24, 2000 tarafından Guido van Rossum
Hide whitespace changes
Inline Side-by-side

Showing with 21 additions and 7 deletions

tempfile.py Lib/tempfile.py +21 -7

No files found.
--- a/Lib/tempfile.py
+++ b/Lib/tempfile.py
@@ -42,13 +42,27 @@ def gettempdir():
    testfile = gettempprefix() + 'test'
    for dir in attempdirs:
        try:
-            filename = os.path.join(dir, testfile)
-            fp = open(filename, 'w')
-            fp.write('blat')
-            fp.close()
-            os.unlink(filename)
-            tempdir = dir
-            break
+           filename = os.path.join(dir, testfile)
+           if os.name == 'posix':
+               try:
+                   fd = os.open(filename, os.O_RDWR|os.O_CREAT|os.O_EXCL, 0700)
+               except OSError:
+                   pass
+               else:
+                   fp = os.fdopen(fd, 'w')
+                   fp.write('blat')
+                   fp.close()
+                   os.unlink(filename)
+                   del fp, fd
+                   tempdir = dir
+                   break
+           else:
+               fp = open(filename, 'w')
+               fp.write('blat')
+               fp.close()
+               os.unlink(filename)
+               tempdir = dir
+               break
        except IOError:
            pass
    if tempdir is None: