A minor temporary directory security issue was found in pytest versions before 6.2.3. This issue is fixed in pytest 6.2.3.
pytest used to create directories under /tmp with world-readable
permissions. This means that any user in the system was able to read
information written by tests in temporary directories (such as those created by
the tmp_path/tmpdir fixture). Now the directories are created with
private permissions.
pytest used to silenty use a pre-existing /tmp/pytest-of-<username> directory,
even if owned by another user. This means another user could pre-create such a
directory and gain control of another user's temporary directory. Now such a
condition results in an error.
A minor temporary directory security issue was found in pytest versions before 6.2.3. This issue is fixed in pytest 6.2.3.
pytest used to create directories under
/tmpwith world-readablepermissions. This means that any user in the system was able to read
information written by tests in temporary directories (such as those created by
the
tmp_path/tmpdirfixture). Now the directories are created withprivate permissions.
pytest used to silenty use a pre-existing
/tmp/pytest-of-<username>directory,even if owned by another user. This means another user could pre-create such a
directory and gain control of another user's temporary directory. Now such a
condition results in an error.