[Biopython-dev] [Bug 3016] Change WriterTests in test_PhyloXML.py to use StringIO or temp files
bugzilla-daemon at portal.open-bio.org
Thu May 20 12:39:23 EDT 2010
http://bugzilla.open-bio.org/show_bug.cgi?id=3016
------- Comment #3 from eric.talevich at gmail.com 2010-05-20 12:39 EST -------
(In reply to comment #2)
> Eric;
> Just a quick tip on mkstemp. When you do:
>
> DUMMY = tempfile.mkstemp()[1]
>
> you leave an open handle as the first argument of this tuple. It won't cause
> you any issues here, but is a problem if you have a long-running server
> process. You will leak open file handles and eventually get an error about too
> many open files. See:
>
> http://www.logilab.org/blogentry/17873
> http://vocamus.net/dave/?p=997
>
> No problems here, but rather a heads up on a tricky bit of Python I've run into
> too many times to count,
> Brad
>
Thanks! Instead of closing the stray file handle mkstemp generates, I used
mktemp. As I understand it, the security issue mentioned in mktemp's docstring
is if an attacker creates a symlink to an important, protected file using the
same name mktemp chose for this test script. Then if this script is run as
root, it would clobber that file even if the attacker didn't originally have
permissions to modify that file.
http://mail.python.org/pipermail/python-dev/2001-March/013507.html
But the Biopython test suite isn't normally run as root, and in any case all of
the test scripts reuse file names that aren't protected, which means everything
has the same vulnerability.
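The two points raised in this thread, as an added example that is not part of the original messages or of Biopython's test suite: the descriptor that `tempfile.mkstemp()[1]` leaves open, and how exclusive creation (`O_CREAT | O_EXCL`) behaves when a symlink already sits at the chosen name. All function names and file names are hypothetical, and the symlink scenario is constructed inside a private directory made with `mkdtemp` (POSIX only).

```python
import os
import tempfile

def temp_path_closed(suffix=".xml"):
    """mkstemp, but close the descriptor it opens and return only the path."""
    fd, path = tempfile.mkstemp(suffix=suffix)
    os.close(fd)  # tempfile.mkstemp()[1] would drop fd without closing it
    return path

def fd_is_open(fd):
    """True if fd still refers to an open file in this process."""
    try:
        os.fstat(fd)
        return True
    except OSError:
        return False

def write_naive(path, data):
    """Plain open(), as a script would use on an mktemp() name; follows symlinks."""
    with open(path, "w") as handle:
        handle.write(data)

def write_exclusive(path, data):
    """O_EXCL fails if the name already exists, including as a symlink."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(data)

def symlink_demo():
    """Constructed scenario; returns (exclusive_refused, naive_clobbered)."""
    workdir = tempfile.mkdtemp()
    target = os.path.join(workdir, "important.txt")  # stands in for a protected file
    guessed = os.path.join(workdir, "tmp_guessed")   # stands in for the mktemp() name
    with open(target, "w") as handle:
        handle.write("original")
    os.symlink(target, guessed)  # name is taken before the script opens it
    try:
        write_exclusive(guessed, "test output")
        refused = False
    except FileExistsError:
        refused = True
    write_naive(guessed, "test output")  # goes through the link into target
    with open(target) as handle:
        clobbered = handle.read() == "test output"
    os.unlink(guessed)
    os.unlink(target)
    os.rmdir(workdir)
    return refused, clobbered
```

`mkstemp` itself creates the file with exclusive creation, which is why closing its descriptor and keeping the path avoids both problems at once.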