[Python-modules-team] Bug#737051: python-logilab-common: insecure use of /tmp
Jakub Wilk
jwilk at debian.org
Wed Jan 29 20:21:49 UTC 2014
More vulnerable code in logilab/common/shellutils.py:
    import os
    import tempfile

    class Execute:
        """This is a deadlock safe version of popen2 (no stdin), that returns
        an object with errorlevel, out and err.
        """
        def __init__(self, command):
            # mktemp() only returns a name; the files are created later by the
            # shell, so the path can be pre-created or replaced in between.
            outfile = tempfile.mktemp()
            errfile = tempfile.mktemp()
            self.status = os.system("( %s ) >%s 2>%s" %
                                    (command, outfile, errfile)) >> 8
            self.out = open(outfile, "r").read()
            self.err = open(errfile, "r").read()
            os.remove(outfile)
            os.remove(errfile)
From the tempfile.mktemp() docstring: “This function is unsafe and
should not be used. The file name refers to a file that did not exist at
some point, but by the time you get around to creating it, someone else
may have beaten you to the punch.”
--
Jakub Wilk
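As an added illustration (not part of the bug report or of logilab-common), here is a replacement for the quoted Execute class that keeps its interface and shell semantics but never places a predictable path in /tmp, plus a variant for the case where output must still go through files, using tempfile.mkstemp() with the descriptor it returns; the names SafeExecute and capture_via_mkstemp are mine.

```python
# Added example (not logilab-common's code): drop-in for the quoted Execute.
import os
import subprocess
import tempfile


class SafeExecute:
    """Runs `command` through the shell, as the original did, and exposes
    status, out and err, but captures output over pipes instead of
    redirecting into tempfile.mktemp() paths that another local user can
    pre-create or symlink before the shell opens them."""

    def __init__(self, command):
        # run() drains stdout and stderr concurrently, so a child that
        # fills both pipes cannot deadlock the parent.
        proc = subprocess.run(
            command,
            shell=True,
            stdin=subprocess.DEVNULL,
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
            text=True,
        )
        # returncode is the exit code that `os.system(...) >> 8` extracted.
        self.status = proc.returncode
        self.out = proc.stdout
        self.err = proc.stderr


def capture_via_mkstemp(command):
    """If output really must go through files: mkstemp() creates each one
    with O_CREAT|O_EXCL and mode 0600 and returns the open descriptor, so
    there is no name-then-create window, and the child inherits the
    descriptor rather than reopening a path."""
    fds = [tempfile.mkstemp() for _ in range(2)]
    try:
        status = subprocess.run(
            command, shell=True, stdin=subprocess.DEVNULL,
            stdout=fds[0][0], stderr=fds[1][0],
        ).returncode
        results = []
        for fd, _path in fds:
            os.lseek(fd, 0, os.SEEK_SET)  # child advanced the shared offset
            with os.fdopen(fd, "r") as f:
                results.append(f.read())
        return status, results[0], results[1]
    finally:
        for _fd, path in fds:
            os.unlink(path)
```

Both variants still hand the command string to a shell, exactly as the original does; the change addressed here is only the temporary-file race.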