New submission from Christian Heimes:
I couldn't stand the compiler warnings any more. :)
The patch removes os.tmpnam() and os.tempnam() from the posix module. It
also updates the docs and tests. TMP_MAX is kept for the tempfile
module. I haven't figured out how to remove the defines from pyconfig.h.
I guess they are always added by autoconf/automake.
----------
components: Documentation, Extension Modules
files: py3k_remove_os_tmpnam.patch
messages: 56693
nosy: tiran
severity: normal
status: open
title: Remove os.tmpnam() and os.tempnam() [patch]
type: resource usage
versions: Python 3.0
Added file: http://bugs.python.org/file8599/py3k_remove_os_tmpnam.patch
__________________________________
Tracker <[EMAIL PROTECTED]>
<http://bugs.python.org/issue1318>
__________________________________
Index: Misc/NEWS
===================================================================
--- Misc/NEWS (revision 58619)
+++ Misc/NEWS (working copy)
@@ -39,7 +39,10 @@
argument was being ignored if __loader__ is defined and forcing the source to
be UTF-8.
+- The `os.tmpnam()` and `os.tempnam()` methods have been removed in favor
+ of the tempfile module. Both methods were vulnerable to symlink attacks.
+
What's New in Python 3.0a1?
==========================
Index: Doc/library/os.rst
===================================================================
--- Doc/library/os.rst (revision 58619)
+++ Doc/library/os.rst (working copy)
@@ -1077,53 +1077,6 @@
Create a symbolic link pointing to *src* named *dst*. Availability: Unix.
-.. function:: tempnam([dir[, prefix]])
-
- Return a unique path name that is reasonable for creating a temporary file.
- This will be an absolute path that names a potential directory entry in the
- directory *dir* or a common location for temporary files if *dir* is omitted or
- ``None``. If given and not ``None``, *prefix* is used to provide a short prefix
- to the filename. Applications are responsible for properly creating and
- managing files created using paths returned by :func:`tempnam`; no automatic
- cleanup is provided. On Unix, the environment variable :envvar:`TMPDIR`
- overrides *dir*, while on Windows the :envvar:`TMP` is used. The specific
- behavior of this function depends on the C library implementation; some aspects
- are underspecified in system documentation.
-
- .. warning::
-
- Use of :func:`tempnam` is vulnerable to symlink attacks; consider using
- :func:`tmpfile` (section :ref:`os-newstreams`) instead.
-
- Availability: Macintosh, Unix, Windows.
-
-
-.. function:: tmpnam()
-
- Return a unique path name that is reasonable for creating a temporary file.
- This will be an absolute path that names a potential directory entry in a common
- location for temporary files. Applications are responsible for properly
- creating and managing files created using paths returned by :func:`tmpnam`; no
- automatic cleanup is provided.
-
- .. warning::
-
- Use of :func:`tmpnam` is vulnerable to symlink attacks; consider using
- :func:`tmpfile` (section :ref:`os-newstreams`) instead.
-
- Availability: Unix, Windows. This function probably shouldn't be used on
- Windows, though: Microsoft's implementation of :func:`tmpnam` always creates a
- name in the root directory of the current drive, and that's generally a poor
- location for a temp file (depending on privileges, you may not even be able to
- open a file using this name).
-
-
-.. data:: TMP_MAX
-
- The maximum number of unique names that :func:`tmpnam` will generate before
- reusing names.
-
-
.. function:: unlink(path)
Remove the file *path*. This is the same function as :func:`remove`; the
Index: Lib/test/test_os.py
===================================================================
--- Lib/test/test_os.py (revision 58619)
+++ Lib/test/test_os.py (working copy)
@@ -8,9 +8,6 @@
import sys
from test import test_support
-warnings.filterwarnings("ignore", "tempnam", RuntimeWarning, __name__)
-warnings.filterwarnings("ignore", "tmpnam", RuntimeWarning, __name__)
-
# Tests creating TESTFN
class FileTests(unittest.TestCase):
def setUp(self):
@@ -42,20 +39,6 @@
open(name, "w")
self.files.append(name)
- def test_tempnam(self):
- if not hasattr(os, "tempnam"):
- return
- warnings.filterwarnings("ignore", "tempnam", RuntimeWarning,
- r"test_os$")
- self.check_tempfile(os.tempnam())
-
- name = os.tempnam(test_support.TESTFN)
- self.check_tempfile(name)
-
- name = os.tempnam(test_support.TESTFN, "pfx")
- self.assertEqual(os.path.basename(name)[:3], "pfx")
- self.check_tempfile(name)
-
def test_tmpfile(self):
if not hasattr(os, "tmpfile"):
return
@@ -66,34 +49,6 @@
fp.close()
self.assertEquals(s, b"foobar")
- def test_tmpnam(self):
- import sys
- if not hasattr(os, "tmpnam"):
- return
- warnings.filterwarnings("ignore", "tmpnam", RuntimeWarning,
- r"test_os$")
- name = os.tmpnam()
- if sys.platform in ("win32",):
- # The Windows tmpnam() seems useless. From the MS docs:
- #
- # The character string that tmpnam creates consists of
- # the path prefix, defined by the entry P_tmpdir in the
- # file STDIO.H, followed by a sequence consisting of the
- # digit characters '0' through '9'; the numerical value
- # of this string is in the range 1 - 65,535. Changing the
- # definitions of L_tmpnam or P_tmpdir in STDIO.H does not
- # change the operation of tmpnam.
- #
- # The really bizarre part is that, at least under MSVC6,
- # P_tmpdir is "\\". That is, the path returned refers to
- # the root of the current drive. That's a terrible place to
- # put temp files, and, depending on privileges, the user
- # may not even be able to open a file in the root directory.
- self.failIf(os.path.exists(name),
- "file already exists for temporary file")
- else:
- self.check_tempfile(name)
-
# Test attributes on return values from os.*stat* family.
class StatAttributeTests(unittest.TestCase):
def setUp(self):
Index: Lib/test/test_posix.py
===================================================================
--- Lib/test/test_posix.py (revision 58619)
+++ Lib/test/test_posix.py (working copy)
@@ -29,7 +29,7 @@
# test posix functions which take no arguments and have
# no side-effects which we need to cleanup (e.g., fork, wait, abort)
NO_ARG_FUNCTIONS = [ "ctermid", "getcwd", "getcwdu", "uname",
- "times", "getloadavg", "tmpnam",
+ "times", "getloadavg",
"getegid", "geteuid", "getgid", "getgroups",
"getpid", "getpgrp", "getppid", "getuid",
]
@@ -171,17 +171,6 @@
os.close(reader)
os.close(writer)
- def test_tempnam(self):
- if hasattr(posix, 'tempnam'):
- self.assert_(posix.tempnam())
- self.assert_(posix.tempnam(os.curdir))
- self.assert_(posix.tempnam(os.curdir, 'blah'))
-
- def test_tmpfile(self):
- if hasattr(posix, 'tmpfile'):
- fp = posix.tmpfile()
- fp.close()
-
def test_utime(self):
if hasattr(posix, 'utime'):
now = time.time()
Index: Modules/posixmodule.c
===================================================================
--- Modules/posixmodule.c (revision 58619)
+++ Modules/posixmodule.c (working copy)
@@ -302,10 +302,6 @@
#define USE_CTERMID_R
#endif
-#if defined(HAVE_TMPNAM_R) && defined(WITH_THREAD)
-#define USE_TMPNAM_R
-#endif
-
/* choose the appropriate stat and fstat functions and return structs */
#undef STAT
#if defined(MS_WIN64) || defined(MS_WINDOWS)
@@ -5339,44 +5335,6 @@
}
#endif /* HAVE_STATVFS */
-
-#ifdef HAVE_TEMPNAM
-PyDoc_STRVAR(posix_tempnam__doc__,
-"tempnam([dir[, prefix]]) -> string\n\n\
-Return a unique name for a temporary file.\n\
-The directory and a prefix may be specified as strings; they may be omitted\n\
-or None if not needed.");
-
-static PyObject *
-posix_tempnam(PyObject *self, PyObject *args)
-{
- PyObject *result = NULL;
- char *dir = NULL;
- char *pfx = NULL;
- char *name;
-
- if (!PyArg_ParseTuple(args, "|zz:tempnam", &dir, &pfx))
- return NULL;
-
- if (PyErr_WarnEx(PyExc_RuntimeWarning,
- "tempnam is a potential security risk to your program",
- 1) < 0)
- return NULL;
-
-#ifdef MS_WINDOWS
- name = _tempnam(dir, pfx);
-#else
- name = tempnam(dir, pfx);
-#endif
- if (name == NULL)
- return PyErr_NoMemory();
- result = PyUnicode_DecodeFSDefault(name);
- free(name);
- return result;
-}
-#endif
-
-
#ifdef HAVE_TMPFILE
PyDoc_STRVAR(posix_tmpfile__doc__,
"tmpfile() -> file object\n\n\
@@ -5401,45 +5359,6 @@
}
#endif
-
-#ifdef HAVE_TMPNAM
-PyDoc_STRVAR(posix_tmpnam__doc__,
-"tmpnam() -> string\n\n\
-Return a unique name for a temporary file.");
-
-static PyObject *
-posix_tmpnam(PyObject *self, PyObject *noargs)
-{
- char buffer[L_tmpnam];
- char *name;
-
- if (PyErr_WarnEx(PyExc_RuntimeWarning,
- "tmpnam is a potential security risk to your program",
- 1) < 0)
- return NULL;
-
-#ifdef USE_TMPNAM_R
- name = tmpnam_r(buffer);
-#else
- name = tmpnam(buffer);
-#endif
- if (name == NULL) {
- PyObject *err = Py_BuildValue("is", 0,
-#ifdef USE_TMPNAM_R
- "unexpected NULL from tmpnam_r"
-#else
- "unexpected NULL from tmpnam"
-#endif
- );
- PyErr_SetObject(PyExc_OSError, err);
- Py_XDECREF(err);
- return NULL;
- }
- return PyUnicode_DecodeFSDefault(buffer);
-}
-#endif
-
-
/* This is used for fpathconf(), pathconf(), confstr() and sysconf().
* It maps strings representing configuration variable names to
* integer values, allowing those functions to be called with the
@@ -6944,12 +6863,6 @@
#ifdef HAVE_TMPFILE
{"tmpfile", posix_tmpfile, METH_NOARGS, posix_tmpfile__doc__},
#endif
-#ifdef HAVE_TEMPNAM
- {"tempnam", posix_tempnam, METH_VARARGS, posix_tempnam__doc__},
-#endif
-#ifdef HAVE_TMPNAM
- {"tmpnam", posix_tmpnam, METH_NOARGS, posix_tmpnam__doc__},
-#endif
#ifdef HAVE_CONFSTR
{"confstr", posix_confstr, METH_VARARGS, posix_confstr__doc__},
#endif
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
