On Fri, Mar 22, 2019 at 6:19 PM Inada Naoki wrote:
> On Sat, Mar 23, 2019 at 3:02 AM Brett Cannon wrote:
> >
> >>
> >> There might be some small troubles. But it was small enough for
> >> Python minor versions, I think.
> >
> >
> > I don't think it's worth the cost to users. We can just choose
On 20Mar2019 12:53, Jeroen Demeyer wrote:
On 2019-03-20 12:45, Victor Stinner wrote:
You can watch the /tmp directory using inotify and "discover"
immediately the "secret" filename, it doesn't depend on the amount of
entropy used to generate the filename.
That's not the problem. The security
On 3/23/19, Cameron Simpson wrote:
>
> Also, the common examples are attackers who are not the user making the
> tempfile, in which case the _default_ mktemp is sort of secure with the
> above because it gets made in /tmp which on a modern POSIX system
> prevents _other_ users from removing/renamin
On Sun, Mar 24, 2019 at 8:07 AM Brett Cannon wrote:
>
>
> I've made the same mistake of assuming something that made no sense to me
> wouldn't make sense to anyone else and I have been proven wrong nearly every
> time. ;)
>
> -Brett
>
And beta and RC phase can be used to detect such breakage.