From: Sam Lang
Date: Fri, 12 Apr 2013 20:52:47 +0000 (-0500)
Subject: misc: Use tempfile.mkstemp() instead of tempnam
X-Git-Tag: 1.1.0~2187^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F11%2Fhead;p=teuthology.git
misc: Use tempfile.mkstemp() instead of tempnam
tempnam() is considered an unsafe security risk because the filename generated is easy to guess and can be symlinked in advance. Use mkstemp() instead.
Signed-off-by: Sam Lang
Reviewed-by: Joe Buck
---
diff --git a/teuthology/misc.py b/teuthology/misc.py
index 9113797f5..f1c81e543 100644
--- a/teuthology/misc.py
+++ b/teuthology/misc.py
@@ -399,7 +399,7 @@ def remove_lines_from_file(remote, path, line_is_valid_test, string_to_test_for)
 move_file(remote, temp_file_path, path)
 def append_lines_to_file(remote, path, lines, sudo=False):
- temp_file_path = get_remote_tempnam(remote)
+ temp_file_path = remote_mktemp(remote)
 data = get_file(remote, path, sudo)
@@ -413,14 +413,14 @@ def append_lines_to_file(remote, path, lines, sudo=False):
 # then do a 'mv' to the actual file location
 move_file(remote, temp_file_path, path)
-def get_remote_tempnam(remote, sudo=False):
+def remote_mktemp(remote, sudo=False):
 args = []
 if sudo:
 args.append('sudo')
 args.extend([
 'python',
 '-c',
- 'import os; print os.tempnam()'
+ 'import os; import tempfile; (fd,fname) = tempfile.mkstemp(); fd.close(); print fname.rstrip()'
 ])
 proc = remote.run(
 args=args,
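Review bot: The new one-liner in `remote_mktemp` calls `fd.close()`, but `tempfile.mkstemp()` returns the descriptor as a plain integer, so the remote command raises AttributeError before it prints the name and leaves the newly created temp file behind. Close the descriptor with `os.close(fd)` instead: `'import os; import tempfile; (fd,fname) = tempfile.mkstemp(); os.close(fd); print fname.rstrip()'`. A short comment above the command would also help, for example `# mkstemp creates the file atomically and owner-only; callers must write into this existing path, never remove and recreate it`, since the symlink protection the commit message relies on only holds if the later write (not visible in this hunk) reuses the file as created. The body of `remote_mktemp` continues past the end of the hunk, so how the output of `remote.run` is read back could not be checked here.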