gh-143010: Prevent a TOCTOU issue by reusing the fd

AZero13 · AZero13 · commit a8ee81c2538c · 2025-12-20T01:49:22.000-05:00
diff --git a/Lib/mailbox.py b/Lib/mailbox.py
@@ -2181,11 +2181,7 @@ def _unlock_file(f):
 
 def _create_carefully(path):
     """Create a file if it doesn't exist and open for reading and writing."""
-    fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_RDWR, 0o666)
-    try:
-        return open(path, 'rb+')
-    finally:
-        os.close(fd)
+    return open(path, 'xb+')
 
 def _create_temporary(path):
     """Create a temp file based on path and open for reading and writing."""
diff --git a/Misc/NEWS.d/next/Library/2025-12-20-01-49-02.gh-issue-143010._-SWX0.rst b/Misc/NEWS.d/next/Library/2025-12-20-01-49-02.gh-issue-143010._-SWX0.rst
@@ -0,0 +1 @@
+_create_carefully: Prevent a TOCTOU by simplifying.

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+_create_carefully: Prevent a TOCTOU by simplifying.`