Asp Forum - Re: How secure are temp files created via tempfile.TemporaryFile()?

python

2/18/2010 8:09:00 PM

MRAB,

> Well, the contents of temp files aren't encrypted, if that's what you're asking

I understand the contents of temp files aren't encrypted.

> if you're writing unencrypted data to a temp file then other applications could read it.

That's my concern - can other applications really read my temp files
created with tempfile.TemporaryFile( delete=True )?

I don't think so because:

1. These files appear to be exclusively locked by my process, eg. no
other processes can read or write to these temp files except the process
that created these files.

2. As soon as my process terminates (voluntarily or involuntarily), the
temp file gets deleted.

But I want to make sure.

Thanks,
Mal

2 Answers

Steven D'Aprano

2/19/2010 12:36:00 AM

On Thu, 18 Feb 2010 15:09:28 -0500, python wrote:

> That's my concern - can other applications really read my temp files
> created with tempfile.TemporaryFile( delete=True )?

>>> import tempfile
>>> x = tempfile.TemporaryFile(delete=True)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
TypeError: TemporaryFile() got an unexpected keyword argument 'delete'

The Fine Manual has good information about the security of the various
calls:

http://docs.python.org/library/tem...

tempfile.TemporaryFile(...)
Return a file-like object that can be used as a temporary
storage area. ... your code should not rely on a temporary file
created using this function having or not having a visible name
in the file system. ...

tempfile.NamedTemporaryFile(...)
This function operates exactly as TemporaryFile() does, except
that the file is guaranteed to have a visible name in the file
system ... Whether the name can be used to open the file a
second time, while the named temporary file is still open, varies
across platforms...

> I don't think so because:
>
> 1. These files appear to be exclusively locked by my process, eg. no
> other processes can read or write to these temp files except the process
> that created these files.

Exclusive locks are advisory, not mandatory, on some operating systems,
so you can't rely on it. Recent versions of Windows have an interface to
allow "backup software" to read files opened in exclusive mode, and I
believe that the kernel can read *and write* to open files (although I
welcome correction).

http://en.wikipedia.org/wiki/Fi...

And naturally, if your system is compromised with a root kit, then you
can't trust *anything*, including file locks. But nobody expects an
application to take responsibility for working securely in the face of a
root kit :)

> 2. As soon as my process terminates (voluntarily or involuntarily), the
> temp file gets deleted.
>
> But I want to make sure.

I think the best practice is platform-dependent:

if os.name = "posix": # Unix, Linux, OpenBSD, FreeBSD, ...
tmpfile = tempfile.TemporaryFile
delete = None
elif os.name in ["nt", "ce"]: # Windows NT, XP, 2000, CE, ...
tmpfile = tempfile.NamedTemporaryFile
delete = True
else:
# FIXME What to do for Mac, OS/2, RiscOS, Java?
tmpfile = tempfile.TemporaryFile
delete = None
if delete is not None:
f = tmpfile(*args, delete=delete)
else:
f = tmpfile(*args)

--
Steven

python

2/19/2010 4:20:00 AM

Steven,

Thank you very much for your wonderful reply!!

I had read the Fine Manual, but as you pointed out the documentation
only mentions visibility of file names.

> Exclusive locks are advisory, not mandatory, on some operating systems, so you can't rely on it.

That comment and your list of OS specific behaviors were EXACTLY the
type of information I was looking for.

Thanks again!
Malcolm

comp.lang.python

Re: How secure are temp files created via tempfile.TemporaryFile()?

python

Steven D'Aprano

python

x Login to ForumsZone