11 lines
582 B
ReStructuredText
11 lines
582 B
ReStructuredText
pytest used to create directories under ``/tmp`` with world-readable
|
|
permissions. This means that any user in the system was able to read
|
|
information written by tests in temporary directories (such as those created by
|
|
the ``tmp_path``/``tmpdir`` fixture). Now the directories are created with
|
|
private permissions.
|
|
|
|
pytest used silenty use a pre-existing ``/tmp/pytest-of-<username>`` directory,
|
|
even if owned by another user. This means another user could pre-create such a
|
|
directory and gain control of another user's temporary directory. Now such a
|
|
condition results in an error.
|