wyz23x2 <wyz2...@163.com> added the comment:
Reopen. 1.See https://mail.python.org/pipermail/python-dev/2019-March/156765.html and https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File. It's *serious*. 2.Why not use this to generate a temporary name that an other program will create/act on? import secrets path = f"{x}{secrets.token_hex(n)}" # n is an large int # x is a path like "/tmp" # do something... ---------- resolution: duplicate -> status: closed -> open _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue39768> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
