New submission from Jakub Wilk:
The doctest.debug_script function creates temporary files in an insecure way:
srcfilename = tempfile.mktemp(".py", "doctestdebug")
f = open(srcfilename, 'w')
This is already fixed for Python >= 3.2, although for reasons other than
security: issue12451
----------
components: Library (Lib)
messages: 209717
nosy: jwilk
priority: normal
severity: normal
status: open
title: doctest.debug_script: insecure use of /tmp
type: security
versions: Python 2.7, Python 3.1
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue20447>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
