471,349 Members | 1,412 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,349 software developers and data experts.

Question on os.tempnam() vulnerability

Hello,

Does any one know what kind of security risk these message are
suggesting?
>>f = os.tempnam()
__main__:1: RuntimeWarning: tempnam is a potential security risk to
your program
>>f
'/tmp/filed4cJNX'
>>g = os.tmpnam()
__main__:1: RuntimeWarning: tmpnam is a potential security risk to
your program
>>g
'/tmp/fileENAuNw'

Thanks,
~cw
Jan 4 '08 #1
9 3656
ca***********@gmail.com wrote:
Does any one know what kind of security risk these message are
suggesting?
>>>f = os.tempnam()
__main__:1: RuntimeWarning: tempnam is a potential security risk to
your program
>>>f
'/tmp/filed4cJNX'
>>>g = os.tmpnam()
__main__:1: RuntimeWarning: tmpnam is a potential security risk to
your program
>>>g
'/tmp/fileENAuNw'
you get a name instead of a file, so someone else can create that file
after you've called tempnam/tmpnam, but before you've actually gotten
around to create the file yourself. which means that anyone on the
machine might be able to mess with your application's data.

use the functions marked as "safe" in the tempfile module instead.

</F>

Jan 4 '08 #2
On 2008-01-04, Fredrik Lundh <fr*****@pythonware.comwrote:
you get a name instead of a file, so someone else can create that file
after you've called tempnam/tmpnam, but before you've actually gotten
around to create the file yourself. which means that anyone on the
machine might be able to mess with your application's data.

use the functions marked as "safe" in the tempfile module instead.
Under Windows, is there a "safe" way to create a temp file that
has a name that can be passed to a program which will then open
it? I never figured out a way to do that and had to fall back
on the "unsafe" tmpnam method.

--
Grant Edwards grante Yow! I have seen these EGG
at EXTENDERS in my Supermarket
visi.com ... I have read the
INSTRUCTIONS ...
Jan 4 '08 #3
On Jan 4, 12:09 pm, Fredrik Lundh <fred...@pythonware.comwrote:
cameronwon...@gmail.com wrote:
Does any one know what kind of security risk these message are
suggesting?
>>f = os.tempnam()
__main__:1: RuntimeWarning: tempnam is a potential security risk to
your program
>>f
'/tmp/filed4cJNX'
>>g = os.tmpnam()
__main__:1: RuntimeWarning: tmpnam is a potential security risk to
your program
>>g
'/tmp/fileENAuNw'

you get a name instead of a file, so someone else can create that file
after you've called tempnam/tmpnam, but before you've actually gotten
around to create the file yourself. which means that anyone on the
machine might be able to mess with your application's data.

use the functions marked as "safe" in the tempfile module instead.

</F>
Thanks Fredrik, for the clear explanation!!!

~cw
Jan 5 '08 #4
Grant Edwards pisze:
>you get a name instead of a file, so someone else can create that file
after you've called tempnam/tmpnam, but before you've actually gotten
around to create the file yourself. which means that anyone on the
machine might be able to mess with your application's data.

use the functions marked as "safe" in the tempfile module instead.

Under Windows, is there a "safe" way to create a temp file that
has a name that can be passed to a program which will then open
it? I never figured out a way to do that and had to fall back
on the "unsafe" tmpnam method.
I think it's all impossible to get only file name and feel safe. You
have to have both file name and a file object opened exclusively for
you. Any other way you'll get a possible race condition.

--
Jarek Zgoda
http://zgodowie.org/
Jan 5 '08 #5
On 2008-01-05, Jarek Zgoda <jz****@o2.usun.plwrote:
>Under Windows, is there a "safe" way to create a temp file
that has a name that can be passed to a program which will
then open it? I never figured out a way to do that and had to
fall back on the "unsafe" tmpnam method.

I think it's all impossible to get only file name and feel
safe. You have to have both file name and a file object opened
exclusively for you. Any other way you'll get a possible race
condition.
I know. That's the point of my question: how do you do that
under Windows?

--
Grant Edwards grante Yow! HAIR TONICS, please!!
at
visi.com
Jan 5 '08 #6
I know. That's the point of my question: how do you do that
under Windows?
When you create a new process, you have the option to inherit
file handles to the new process. So the parent should open the
file, and then inherit the handle to the new process.

The new process will need to know what the file handle it should
use. There are two basic options:
a) pass the file handle number as a string on the command line
b) make the handle either stdin or stdout of the new process,
and have the new process ask for its stdin/stdout handle.

IOW, it's the same approach as on Unix.

Regards,
Martin
Jan 5 '08 #7
On 2008-01-05, Martin v. Lwis <ma****@v.loewis.dewrote:
>I know. That's the point of my question: how do you do that
under Windows?

When you create a new process, you have the option to inherit
file handles to the new process. So the parent should open the
file, and then inherit the handle to the new process.
That's an answer, though not for the question I asked. The
program that's being run requires a that it be passed a
filename on the command-line.

I'm not writing the program that is to open the file. If I
were, I'd just make it a python module and call it instead of
running it in a separate process.
IOW, it's the same approach as on Unix.
Not really. Under Unix you can safely create a temp file with
a name that can be used to open the file. I asked about a way
to do that under Windows as well.

--
Grant Edwards grante Yow! ... I live in a
at FUR-LINE FALLOUT SHELTER
visi.com
Jan 5 '08 #8
That's an answer, though not for the question I asked.

I think you'll have to pose a complete question again,
rather than "how do I do that", if you want to get an
answer to your question.
Not really. Under Unix you can safely create a temp file with
a name that can be used to open the file. I asked about a way
to do that under Windows as well.
Assuming you are still talking about

" is there a "safe" way to create a temp file that
has a name that can be passed to a program which will then open
it?"

then also on Unix, the answer is: no, that's not possible.
I assume you are asking about a scenario such as:
a) the parent process creates a file
b) the parent process closes its handle to the file
c) the parent process creates a child process passing
the file name
d) the child process opens the file, and is certain that it
is still the same file

then this sequence cannot be implemented on Unix, either - another
process may remove the file and create a new one between b and d.

Regards,
Martin
Jan 5 '08 #9
Grant Edwards wrote:
>IOW, it's the same approach as on Unix.

Not really. Under Unix you can safely create a temp file with
a name that can be used to open the file.
Unless I'm missing something, it's not possible to do this in a safe
way in the shared temp directory; you can do that only by creating a
file in a directory that's under full control of your user.

And *that* approach works on Windows as well, of course.

</F>

Jan 5 '08 #10

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

16 posts views Thread by Tim Tyler | last post: by
8 posts views Thread by lian | last post: by
3 posts views Thread by pythos | last post: by
12 posts views Thread by Greg Hurlman | last post: by
10 posts views Thread by broeisi | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.