Rather than using a predictable filename in /tmp, use os.mkdtemp() to create a
secure temporary directory with a random name and create the file inside it.
This fixes a security issue: if another user on the system created a symlink
with a name likely to be used by rsub, it can allow files to be overwritten.
This also has several other advantages: the permissions on the directory prevent
other users on the system from reading the temporary file being edited, and
because a new directory is used for each file, it's now possible to edit
multiple files with the same name from the same client without them overwriting
each other.
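
The change described in this commit message, as an added example that is not rsub's own code: a predictable name in a shared directory is written through a pre-existing symlink, while a per-file directory from Python's `tempfile.mkdtemp()` is not. The function names, the `rsub-` prefix, the file names and the sandbox directory standing in for /tmp are assumptions made for illustration.

```python
import os
import shutil
import stat
import tempfile

def open_predictable(shared_dir, name):
    """'Before' pattern: fixed name in a shared directory; open() follows symlinks."""
    path = os.path.join(shared_dir, name)
    return open(path, "w"), path

def open_private(name, base=None):
    """'After' pattern: one fresh, randomly named 0700 directory per edited file."""
    workdir = tempfile.mkdtemp(prefix="rsub-", dir=base)  # prefix is hypothetical
    path = os.path.join(workdir, os.path.basename(name))
    # O_EXCL makes creation fail if the entry already exists, symlinks included.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    return os.fdopen(fd, "w"), path

def demo():
    sandbox = tempfile.mkdtemp(prefix="demo-")  # constructed stand-in for /tmp
    try:
        victim = os.path.join(sandbox, "victim.txt")
        with open(victim, "w") as fh:
            fh.write("original")
        # Constructed precondition: a symlink already sits at the predictable name.
        os.symlink(victim, os.path.join(sandbox, "notes.txt"))

        f, _ = open_predictable(sandbox, "notes.txt")
        f.write("edited")
        f.close()
        with open(victim) as fh:
            clobbered = fh.read() == "edited"

        with open(victim, "w") as fh:  # reset, then repeat with the fixed pattern
            fh.write("original")
        f1, p1 = open_private("notes.txt", base=sandbox)
        f2, p2 = open_private("notes.txt", base=sandbox)
        for f in (f1, f2):
            f.write("edited")
            f.close()
        with open(victim) as fh:
            intact = fh.read() == "original"
        mode = stat.S_IMODE(os.stat(os.path.dirname(p1)).st_mode)
        return {"clobbered": clobbered, "intact": intact,
                "dir_mode": oct(mode), "distinct": p1 != p2}
    finally:
        shutil.rmtree(sandbox)

if __name__ == "__main__":
    print(demo())
```
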