473,322 Members | 1,526 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,322 software developers and data experts.

Question on os.tempnam() vulnerability

Hello,

Does any one know what kind of security risk these message are
suggesting?
>>f = os.tempnam()
__main__:1: RuntimeWarning: tempnam is a potential security risk to
your program
>>f
'/tmp/filed4cJNX'
>>g = os.tmpnam()
__main__:1: RuntimeWarning: tmpnam is a potential security risk to
your program
>>g
'/tmp/fileENAuNw'

Thanks,
~cw
Jan 4 '08 #1
9 3786
ca***********@gmail.com wrote:
Does any one know what kind of security risk these message are
suggesting?
>>>f = os.tempnam()
__main__:1: RuntimeWarning: tempnam is a potential security risk to
your program
>>>f
'/tmp/filed4cJNX'
>>>g = os.tmpnam()
__main__:1: RuntimeWarning: tmpnam is a potential security risk to
your program
>>>g
'/tmp/fileENAuNw'
you get a name instead of a file, so someone else can create that file
after you've called tempnam/tmpnam, but before you've actually gotten
around to create the file yourself. which means that anyone on the
machine might be able to mess with your application's data.

use the functions marked as "safe" in the tempfile module instead.

</F>

Jan 4 '08 #2
On 2008-01-04, Fredrik Lundh <fr*****@pythonware.comwrote:
you get a name instead of a file, so someone else can create that file
after you've called tempnam/tmpnam, but before you've actually gotten
around to create the file yourself. which means that anyone on the
machine might be able to mess with your application's data.

use the functions marked as "safe" in the tempfile module instead.
Under Windows, is there a "safe" way to create a temp file that
has a name that can be passed to a program which will then open
it? I never figured out a way to do that and had to fall back
on the "unsafe" tmpnam method.

--
Grant Edwards grante Yow! I have seen these EGG
at EXTENDERS in my Supermarket
visi.com ... I have read the
INSTRUCTIONS ...
Jan 4 '08 #3
On Jan 4, 12:09 pm, Fredrik Lundh <fred...@pythonware.comwrote:
cameronwon...@gmail.com wrote:
Does any one know what kind of security risk these message are
suggesting?
>>f = os.tempnam()
__main__:1: RuntimeWarning: tempnam is a potential security risk to
your program
>>f
'/tmp/filed4cJNX'
>>g = os.tmpnam()
__main__:1: RuntimeWarning: tmpnam is a potential security risk to
your program
>>g
'/tmp/fileENAuNw'

you get a name instead of a file, so someone else can create that file
after you've called tempnam/tmpnam, but before you've actually gotten
around to create the file yourself. which means that anyone on the
machine might be able to mess with your application's data.

use the functions marked as "safe" in the tempfile module instead.

</F>
Thanks Fredrik, for the clear explanation!!!

~cw
Jan 5 '08 #4
Grant Edwards pisze:
>you get a name instead of a file, so someone else can create that file
after you've called tempnam/tmpnam, but before you've actually gotten
around to create the file yourself. which means that anyone on the
machine might be able to mess with your application's data.

use the functions marked as "safe" in the tempfile module instead.

Under Windows, is there a "safe" way to create a temp file that
has a name that can be passed to a program which will then open
it? I never figured out a way to do that and had to fall back
on the "unsafe" tmpnam method.
I think it's all impossible to get only file name and feel safe. You
have to have both file name and a file object opened exclusively for
you. Any other way you'll get a possible race condition.

--
Jarek Zgoda
http://zgodowie.org/
Jan 5 '08 #5
On 2008-01-05, Jarek Zgoda <jz****@o2.usun.plwrote:
>Under Windows, is there a "safe" way to create a temp file
that has a name that can be passed to a program which will
then open it? I never figured out a way to do that and had to
fall back on the "unsafe" tmpnam method.

I think it's all impossible to get only file name and feel
safe. You have to have both file name and a file object opened
exclusively for you. Any other way you'll get a possible race
condition.
I know. That's the point of my question: how do you do that
under Windows?

--
Grant Edwards grante Yow! HAIR TONICS, please!!
at
visi.com
Jan 5 '08 #6
I know. That's the point of my question: how do you do that
under Windows?
When you create a new process, you have the option to inherit
file handles to the new process. So the parent should open the
file, and then inherit the handle to the new process.

The new process will need to know what the file handle it should
use. There are two basic options:
a) pass the file handle number as a string on the command line
b) make the handle either stdin or stdout of the new process,
and have the new process ask for its stdin/stdout handle.

IOW, it's the same approach as on Unix.

Regards,
Martin
Jan 5 '08 #7
On 2008-01-05, Martin v. Löwis <ma****@v.loewis.dewrote:
>I know. That's the point of my question: how do you do that
under Windows?

When you create a new process, you have the option to inherit
file handles to the new process. So the parent should open the
file, and then inherit the handle to the new process.
That's an answer, though not for the question I asked. The
program that's being run requires a that it be passed a
filename on the command-line.

I'm not writing the program that is to open the file. If I
were, I'd just make it a python module and call it instead of
running it in a separate process.
IOW, it's the same approach as on Unix.
Not really. Under Unix you can safely create a temp file with
a name that can be used to open the file. I asked about a way
to do that under Windows as well.

--
Grant Edwards grante Yow! ... I live in a
at FUR-LINE FALLOUT SHELTER
visi.com
Jan 5 '08 #8
That's an answer, though not for the question I asked.

I think you'll have to pose a complete question again,
rather than "how do I do that", if you want to get an
answer to your question.
Not really. Under Unix you can safely create a temp file with
a name that can be used to open the file. I asked about a way
to do that under Windows as well.
Assuming you are still talking about

" is there a "safe" way to create a temp file that
has a name that can be passed to a program which will then open
it?"

then also on Unix, the answer is: no, that's not possible.
I assume you are asking about a scenario such as:
a) the parent process creates a file
b) the parent process closes its handle to the file
c) the parent process creates a child process passing
the file name
d) the child process opens the file, and is certain that it
is still the same file

then this sequence cannot be implemented on Unix, either - another
process may remove the file and create a new one between b and d.

Regards,
Martin
Jan 5 '08 #9
Grant Edwards wrote:
>IOW, it's the same approach as on Unix.

Not really. Under Unix you can safely create a temp file with
a name that can be used to open the file.
Unless I'm missing something, it's not possible to do this in a safe
way in the shared temp directory; you can do that only by creating a
file in a directory that's under full control of your user.

And *that* approach works on Windows as well, of course.

</F>

Jan 5 '08 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

16
by: Tim Tyler | last post by:
Today's: "Directory Traversal Vulnerability": - http://secunia.com/advisories/10955/ More evidence tht PHP was hacked together rapidly without a great deal of thought being given to security....
8
by: lian | last post by:
Hi all, I have installed a web-based software written in php which needs that i should turn "register_globals" from off to on in the php.ini. There are some comments for register_globals in...
3
by: pythos | last post by:
Newbie at python (but not programming) here... I have a program that has "import os" at the top, and then later a call to utime() is made. The python interpreter says "name 'utime' is not...
1
by: Norman Diamond | last post by:
Page http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vclib/html/_crt_sscanf.2c_.swscanf.asp says: > Security Note When reading a string with sscanf, always specify a width >...
12
by: Greg Hurlman | last post by:
http://sourceforge.net/mailarchive/forum.php?thread_id=5671607&forum_id=24754 This is, IMNSHO, the worst thing I've ever heard of. Spread the word, test your sites, and send angry emails to...
7
by: Nak | last post by:
Hi there, Im currently developing a web site using PHP. Unfortunately due to limitations with my web server I am having to use XML as a method of data persitance, this doesn't really bother me...
10
by: broeisi | last post by:
What advantages does sscanf offer over scanf? I had the following code: #include <stdio.h> #include <string.h> int main(void) { int start, finish, values;
5
by: Norm | last post by:
Does anyone have any suggestions for securing against this vulnerability: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1027 Fixes are not yet available from IBM. They will be in FP2 for V9...
1
by: Cat | last post by:
Hi. Would you recommend a ASP (IIS) web server vulnerability scanner? If I install the all the updates from Microsoft, then I don't need vulnerability scanners? I was on a chat, I installed all...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.