From 660a89ab0b9f701d1dbcd6400eaa15aa68c45374 Mon Sep 17 00:00:00 2001 From: raixyzaditya Date: Sat, 6 Dec 2025 18:04:28 +0530 Subject: [PATCH 1/2] Fix mkstemp() documentation regarding fd inheritance The documentation incorrectly stated that the file descriptor is not inherited by child processes. In reality, the close-on-exec flag (when available) only prevents inheritance across exec() calls, not fork(). The fd will still be inherited by forked child processes. --- Doc/library/tempfile.rst | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Doc/library/tempfile.rst b/Doc/library/tempfile.rst index f0a81a093b435b..e5169d867a2ecd 100644 --- a/Doc/library/tempfile.rst +++ b/Doc/library/tempfile.rst @@ -225,8 +225,10 @@ The module defines the following user-callable items: properly implements the :const:`os.O_EXCL` flag for :func:`os.open`. The file is readable and writable only by the creating user ID. If the platform uses permission bits to indicate whether a file is executable, - the file is executable by no one. The file descriptor is not inherited - by child processes. + the file is executable by no one. On platforms that support the :const: + `os.O_CLOEXEC` flag, the file descriptor has the close-on-exec flag set, + which prevents it from being inherited across :func:`os.exec*` calls. + However, the file descriptor will still be inherited by child processes created via :func:`os.fork`. Unlike :func:`TemporaryFile`, the user of :func:`mkstemp` is responsible for deleting the temporary file when done with it. From 6cba2c671757722e9d5af5278767e9efd5e35757 Mon Sep 17 00:00:00 2001 From: raixyzaditya Date: Sun, 7 Dec 2025 00:01:33 +0530 Subject: [PATCH 2/2] Fix indentation in mkstemp() documentation Adjust indentation to match the rest of the file formatting. --- Doc/library/tempfile.rst | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/Doc/library/tempfile.rst b/Doc/library/tempfile.rst index e5169d867a2ecd..45e99d0852107c 100644 --- a/Doc/library/tempfile.rst +++ b/Doc/library/tempfile.rst @@ -220,15 +220,19 @@ The module defines the following user-callable items: .. function:: mkstemp(suffix=None, prefix=None, dir=None, text=False) - Creates a temporary file in the most secure manner possible. There are - no race conditions in the file's creation, assuming that the platform - properly implements the :const:`os.O_EXCL` flag for :func:`os.open`. The - file is readable and writable only by the creating user ID. If the - platform uses permission bits to indicate whether a file is executable, - the file is executable by no one. On platforms that support the :const: - `os.O_CLOEXEC` flag, the file descriptor has the close-on-exec flag set, - which prevents it from being inherited across :func:`os.exec*` calls. - However, the file descriptor will still be inherited by child processes created via :func:`os.fork`. + Creates a temporary file in the most secure manner possible. There are + no race conditions in the file's creation, assuming that the platform + properly implements the :const:`os.O_EXCL` flag for :func:`os.open`. The + file is readable and writable only by the creating user ID. If the + platform uses permission bits to indicate whether a file is executable, + the file is executable by no one. + + On platforms that support the :const:`os.O_CLOEXEC` flag, the file + descriptor is created with the close-on-exec flag set. This prevents it + from being inherited across ``exec*``-style calls that replace the current + process image. However, the file descriptor will still be inherited by + child processes created via :func:`os.fork`. + Unlike :func:`TemporaryFile`, the user of :func:`mkstemp` is responsible for deleting the temporary file when done with it.