On Mar 13, 2009, at 2:31 PM, Martin v. Löwis wrote:
Think about the security implications of a file name that is in
advance known to an attacker as well as the fact that the said file
will replace an *important* system file.
You should always use O_EXCL in that case. Relying on random name will
be a severe security threat to the application.
If you read an implementation of mkstemp() function, you'll see that
it does exactly that:
if ((*doopen = open(path, O_CREAT|O_EXCL|O_RDWR, 0600)) >= 0)
return(1);
if (errno != EEXIST)
return(0);
That's why I mentioned mkstemp() in the OP.
Zvezdan
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
