[Bug 380903] Re: Changes permissions in an insecure manner

Jamie Strandboge jamie at ubuntu.com
Wed Jun 3 21:56:18 UTC 2009


Actually, I don't think this is a problem as mkstemp should already be
created securely. From http://docs.python.org/library/tempfile.html:

tempfile.mkstemp([suffix=''[, prefix='tmp'[, dir=None[, text=False]]]])

    Creates a temporary file in the most secure manner possible. There
are no race conditions in the file’s creation, assuming that the
platform properly implements the os.O_EXCL flag for os.open(). The file
is readable and writable only by the creating user ID. If the platform
uses permission bits to indicate whether a file is executable, the file
is executable by no one. The file descriptor is not inherited by child
processes.

I then tested this by using (don't criticize me for using os.system ;):
>>> import tempfile
>>> (fp, path) = tempfile.mkstemp()
>>> print path
/tmp/tmpzkssLW
>>> import os
>>> os.system ('ls -l /tmp/tmpzkssLW')
-rw------- 1 jamie jamie 0 2009-06-03 16:54 /tmp/tmpzkssLW
0

** Changed in: ec2-init (Ubuntu)
       Status: New => Invalid

-- 
Changes permissions in an insecure manner
https://bugs.launchpad.net/bugs/380903
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


More information about the universe-bugs mailing list