[3.13] gh-137335: remove a mktemp use in multiprocessing.connection to avoid security scanner noise (GH-148578) (#148584)

gh-137335: remove a mktemp use in multiprocessing.connection to avoid security scanner noise (GH-148578)

remove a mktemp use to avoid security scanner noise
(cherry picked from commit fd81246)

Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>

Author: miss-islington

Lib/multiprocessing/connection.py

@@ -75,7 +75,11 @@ def arbitrary_address(family):
     if family == 'AF_INET':
         return ('localhost', 0)
     elif family == 'AF_UNIX':
-        return tempfile.mktemp(prefix='sock-', dir=util.get_temp_dir())
+        # NOTE: util.get_temp_dir() is a 0o700 per-process directory. A
+        # mktemp-style ToC vs ToU concern is not important; bind() surfaces
+        # the extremely unlikely collision as EADDRINUSE.
+        return os.path.join(util.get_temp_dir(),
+                            f'sock-{os.urandom(6).hex()}')
     elif family == 'AF_PIPE':
         return (r'\\.\pipe\pyc-%d-%d-%s' %
                 (os.getpid(), next(_mmap_counter), os.urandom(8).hex()))