From: Guido van Rossum <guido@python.org>
Date: Mon, 24 Apr 2000 13:28:02 +0000 (+0000)
Subject: Security patch for Unix by Chris McDonough.
X-Git-Tag: v2.0b1~1965
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=00f09b38219778b4911f9a3772f06e13153a02c8;p=python

Security patch for Unix by Chris McDonough.

This uses the same precautions when trying to find a temporary
directory as when the actual tempfile is created (using O_CREAT and
O_EXCL).  On non-posix platforms, nothing is changed.
---

diff --git a/Lib/tempfile.py b/Lib/tempfile.py
index 5b05bdd1b3..eef6bffe11 100644
--- a/Lib/tempfile.py
+++ b/Lib/tempfile.py
@@ -42,13 +42,27 @@ def gettempdir():
     testfile = gettempprefix() + 'test'
     for dir in attempdirs:
         try:
-            filename = os.path.join(dir, testfile)
-            fp = open(filename, 'w')
-            fp.write('blat')
-            fp.close()
-            os.unlink(filename)
-            tempdir = dir
-            break
+           filename = os.path.join(dir, testfile)
+           if os.name == 'posix':
+               try:
+                   fd = os.open(filename, os.O_RDWR|os.O_CREAT|os.O_EXCL, 0700)
+               except OSError:
+                   pass
+               else:
+                   fp = os.fdopen(fd, 'w')
+                   fp.write('blat')
+                   fp.close()
+                   os.unlink(filename)
+                   del fp, fd
+                   tempdir = dir
+                   break
+           else:
+               fp = open(filename, 'w')
+               fp.write('blat')
+               fp.close()
+               os.unlink(filename)
+               tempdir = dir
+               break
         except IOError:
             pass
     if tempdir is None: