[Python-Dev] Warn about mktemp once again?

Tristan Seligmann mithrandi-python-dev at mithrandi.za.net
Tue May 6 13:19:15 CEST 2008


* Antoine Pitrou <solipsis at pitrou.net> [2008-05-06 10:47:23 +0000]:

> <skip <at> pobox.com> writes:
> > 
> > Back in r29829, Guido commented out the security hole warning for
> > tempfile.mktemp:
> > 
> [...]
> > 
> >     Comment out the warnings about mktemp().  These are too annoying, and
> >     often unavoidable.
> > 
> > Any thought about whether this warning should be restored?  We're 5+ years
> > later.  Hopefully many uses of mktemp have been removed.  If we're not going
> > to restore the warning perhaps the commented code should just be deleted.
> 
> Sorry to revive this thread, but mktemp() is very useful when the file is meant
> to be created by another application (e.g. launched by subprocess, but it could
> even be a daemon running under a different user). For example if I have a
> processing chain to converts a PDF to a temporary JPEG using an external tool
> and then does other things with the JPEG: I don't want Python to actually
> create the file, just to generate an unique filename.

The correct way to do this is to create a temporary directory, and then
generate a filename underneath that directory to use.
-- 
mithrandi, i Ainil en-Balandor, a faer Ambar
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://mail.python.org/pipermail/python-dev/attachments/20080506/68915214/attachment.pgp>


More information about the Python-Dev mailing list