New submission from Jakub Wilk: The doctest.debug_script function creates temporary files in an insecure way:
srcfilename = tempfile.mktemp(".py", "doctestdebug") f = open(srcfilename, 'w') This is already fixed for Python >= 3.2, although for reasons other than security: issue12451 ---------- components: Library (Lib) messages: 209717 nosy: jwilk priority: normal severity: normal status: open title: doctest.debug_script: insecure use of /tmp type: security versions: Python 2.7, Python 3.1 _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue20447> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com