logilab-common #207562 CVE-2014-1839: temp file issue in shellutils.Execute [validation pending]

class Execute:
"""This is a deadlock safe version of popen2 (no stdin), that returns
an object with errorlevel, out and err.

def __init__(self, command):
outfile = tempfile.mktemp()
errfile = tempfile.mktemp()
self.status = os.system("( %s ) >%s 2>%s" %
(command, outfile, errfile)) >> 8
self.out = open(outfile, "r").read()
self.err = open(errfile, "r").read()

From the tempfile.mktemp() docstring: “This function is unsafe and
should not be used. The file name refers to a file that did not exist at
some point, but by the time you get around to creating it, someone else
may have beaten you to the punch.”

appeared in<not specified>
done in0.61.0
load left0.000
debian bug number737051
closed by#2c4fd6f35674 shellutils: fix tempfile issue in Execute, and deprecate it
patchshellutils: fix tempfile issue in Execute, and deprecate it [applied]