pytest used to create directories under /tmp
with world-readable permissions. This means that any user in the system was able to read information written by tests in temporary directories (such as those created by the tmp_path
/tmpdir
fixture). Now the directories are created with private permissions.
pytest used silenty use a pre-existing /tmp/pytest-of-<username>
directory, even if owned by another user. This means another user could pre-create such a directory and gain control of another user's temporary directory. Now such a condition results in an error.