The TemporaryFile() function has a security leak -- because the
filenames generated are easily predictable, it is possible to trick an
unsuspecting program into overwriting another file by creating a
symbolic link with the predicted name.  Fix this by using the
low-level os.open() function with the O_EXCL flag and mode 0700.  On
non-Unix platforms, presumably there are no symbolic links so the
problem doesn't exist.  The explicit test for Unix (posix, actually)
makes it possible to change the non-Unix logic to work without a
try-except clause.

The mktemp() file is as unsafe as ever.
1 file changed
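
The difference the commit message describes, as an added example that is not part of the original commit or of the tempfile module: a plain open() on a pre-planted symbolic link overwrites the link's target, while os.open() with O_CREAT | O_EXCL and mode 0700 refuses the name. It assumes a POSIX system; the helper name exclusive_create and both file names are constructed for illustration.

```python
import os
import stat
import tempfile


def exclusive_create(path):
    """Open path read/write; fail if anything, even a dangling symlink, exists there."""
    fd = os.open(path, os.O_RDWR | os.O_CREAT | os.O_EXCL, 0o700)
    return os.fdopen(fd, "w+b")


def demo():
    """Compare a plain open() with an O_EXCL open on a pre-planted symlink."""
    result = {}
    with tempfile.TemporaryDirectory() as workdir:
        victim = os.path.join(workdir, "victim.dat")   # constructed file to protect
        predicted = os.path.join(workdir, "@4242.1")   # constructed predictable temp name

        with open(victim, "wb") as f:
            f.write(b"original")
        os.symlink(victim, predicted)  # the predicted name already exists as a link

        # Plain open(): follows the link and truncates the victim.
        open(predicted, "w+b").close()
        with open(victim, "rb") as f:
            result["plain_open_clobbered"] = f.read() == b""

        # Restore the victim, then try the exclusive open on the same name.
        with open(victim, "wb") as f:
            f.write(b"original")
        try:
            exclusive_create(predicted).close()
            result["excl_refused"] = False
        except FileExistsError:
            result["excl_refused"] = True
        with open(victim, "rb") as f:
            result["victim_intact"] = f.read() == b"original"

        # With the name free, the exclusive open succeeds and the file is owner-only.
        os.unlink(predicted)
        exclusive_create(predicted).close()
        mode = stat.S_IMODE(os.lstat(predicted).st_mode)
        result["no_group_other_bits"] = (mode & 0o077) == 0
    return result


if __name__ == "__main__":
    print(demo())
```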