New submission from Yusuke Endoh <y.en...@gmail.com>:

Hello,

The tempfile library does not check the prefix argument, which can be exploited 
to create files outside tmpdir by using directory traversal.

```
>>> import tempfile
>>> tempfile.gettempprefix()
'tmp'
>>> f = tempfile.NamedTemporaryFile(prefix="/home/mame/cracked")
>>> f.name
'/home/mame/crackedlt3y_ddm'
```

The same issue was found and treated as a vulnerability in PHP (CVE-2006-1494) 
and Ruby (CVE-2018-6914).

I first reported this issue to secur...@python.org in July 2018.  Some people 
kindly discussed it, and finally I was told to create a ticket here.

----------
components: Library (Lib)
messages: 330097
nosy: Yusuke Endoh
priority: normal
severity: normal
status: open
title: directory traversal in tempfile prefix
type: security
versions: Python 3.8

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue35278>
_______________________________________
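A defensive wrapper an application can use so that caller-controlled prefix or suffix values cannot move the temporary file out of the intended directory, written as an added example (not code from the report or from CPython; the function names and the post-creation path check are my own choices):

```python
import os
import tempfile

# Path separators that would let a prefix/suffix name a different directory.
_SEPARATORS = {os.sep} | ({os.altsep} if os.altsep else set())


def is_safe_component(value: str) -> bool:
    """Return True only if `value` can be glued into a temporary filename
    without changing which directory the file lands in: it must contain no
    path separator and must not be a bare '.' or '..'."""
    if any(sep in value for sep in _SEPARATORS):
        return False
    return value not in (".", "..")


def safe_named_temporary_file(prefix="tmp", suffix="", dir=None, **kwargs):
    """Like tempfile.NamedTemporaryFile, but rejects traversal-capable
    prefix/suffix values up front and, as a second line of defence, verifies
    after creation that the resolved path is still inside the target dir."""
    for label, value in (("prefix", prefix), ("suffix", suffix)):
        if not is_safe_component(value):
            raise ValueError(f"unsafe {label}: {value!r}")
    target = os.path.realpath(dir if dir is not None else tempfile.gettempdir())
    f = tempfile.NamedTemporaryFile(prefix=prefix, suffix=suffix, dir=dir, **kwargs)
    try:
        actual = os.path.realpath(f.name)
        # commonpath() is the containment check; it also raises on different
        # drives (Windows), which is treated as an escape as well.
        if os.path.commonpath([target, actual]) != target:
            raise RuntimeError(f"temporary file escaped {target}: {actual}")
    except Exception:
        f.close()  # NamedTemporaryFile deletes the file on close by default
        raise
    return f
```

With this wrapper the `prefix="/home/mame/cracked"` call from the report is refused before any file is created, while ordinary prefixes behave exactly as before.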