Message218650
| Author |
vstinner |
| Recipients |
georg.brandl, ncoghlan, neologix, pitrou, vstinner |
| Date |
2014年05月16日.09:47:34 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<1400233655.44.0.800841081169.issue21515@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
"I don't think we can use this by default, or it will break the expected semantics of temporary files under Unix (visible by other processes)."
I proposed to change TemporaryFile, not NamedTemporaryFile. Do you mean that other processes are supposed to have access to the temporary file descriptor? Access through /proc/pid/fd/<tmp_fd>?
O_TMPFILE should increase the security because there is no more race condition between os.open() and os.unlink() (window where an attack can access the file).
My patch uses O_EXCL. It makes possible to use linkat() to create a path for the temporary file (I didn't try it, but I read that it's possible). I don't know if using O_EXCL should be the default. |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2014年05月16日 09:47:35 | vstinner | set | recipients:
+ vstinner, georg.brandl, ncoghlan, pitrou, neologix |
| 2014年05月16日 09:47:35 | vstinner | set | messageid: <1400233655.44.0.800841081169.issue21515@psf.upfronthosting.co.za> |
| 2014年05月16日 09:47:35 | vstinner | link | issue21515 messages |
| 2014年05月16日 09:47:34 | vstinner | create |
|