Predictable temporary path

Creating a temporary file on disk is a common practice; however, it has the
potential to be a source of problems. Naively creating such files using the
system-wide ``/tmp`` folder, for example, may result in predictable and
unprotected file paths. This could allow an attacker to anticipate where
temporary files will be found and to read or modify them. Manipulation of
temporary files can result in the ability to control, deny or damage a process
or system, or gain access to sensitive information. Please see [0] for more

tmp = tempfile.mkstemp()  # returns (fd, path): random name, created atomically, owner-only access
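
tmp = open('/tmp/my-tmp-file')  # fixed, guessable name in the shared /tmp folder
tmp = open(tempfile.mktemp(), "w")  # mktemp() only returns a name; the path can be taken before open() runs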
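
The following is an added example, not part of the original guideline, that contrasts the patterns above inside a private sandbox directory standing in for ``/tmp``. The helper names ``write_naive``, ``write_exclusive`` and ``write_private`` and the pre-created file scenario are assumptions constructed for illustration.

```python
import os
import stat
import tempfile


def write_naive(path, data):
    """Pattern with a fixed, guessable path: reuses whatever is already there."""
    with open(path, "w") as f:
        f.write(data)
    return stat.S_IMODE(os.stat(path).st_mode)


def write_exclusive(path, data):
    """Fixed name, but refuse to reuse an existing file or follow a symlink."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)  # raises FileExistsError if pre-created
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return stat.S_IMODE(os.stat(path).st_mode)


def write_private(data, directory=None):
    """mkstemp() picks a random name, creates the file exclusively with
    mode 0600 and returns (fd, path)."""
    fd, path = tempfile.mkstemp(dir=directory)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path, stat.S_IMODE(os.stat(path).st_mode)


def demo():
    results = {}
    with tempfile.TemporaryDirectory() as sandbox:  # stands in for /tmp
        fixed = os.path.join(sandbox, "my-tmp-file")
        # Constructed scenario: the path already exists, world-readable,
        # before our process writes to it.
        open(fixed, "w").close()
        os.chmod(fixed, 0o644)
        results["naive_mode"] = write_naive(fixed, "secret")
        try:
            write_exclusive(fixed, "secret")
            results["exclusive_refused"] = False
        except FileExistsError:
            results["exclusive_refused"] = True
        a, mode_a = write_private("secret", sandbox)
        b, _ = write_private("secret", sandbox)
        results["mkstemp_mode"] = mode_a
        results["mkstemp_unique"] = a != b
    return results
```

Calling ``demo()`` shows the naive write inheriting the pre-existing file's 0644 mode, the exclusive open refusing the pre-created path, and ``mkstemp()`` producing distinct owner-only files.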

* Unintended control of processes or systems
* Unintended destruction or denial of services
* Data theft or leakage

* [0] https://security.openstack.org/guidelines/dg_using-temporary-files-securely.html