This issue tracker has been migrated to GitHub ,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2011年08月30日 00:31 by ferringb, last changed 2022年04月11日 14:57 by admin. This issue is now closed.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| unique-seed-per-process-tempfile.patch | ferringb, 2011年08月30日 00:33 | ensure PRNG is unique between parent/child | review | |
| unique-seed-per-process-tempfile.patch | ferringb, 2011年08月30日 02:07 | round two; run only if os.fork exists, protect against changes in random value's size | review | |
| Messages (7) | |||
|---|---|---|---|
| msg143192 - (view) | Author: Ferringb (ferringb) * | Date: 2011年08月30日 00:31 | |
Roughly; tempfile's uniqueness is derived from a global random instance; while there are protections for thread access, a forked child process /will/ inherit that PRNG source, resulting in children/parent trying the same set of names. Mostly it's proving annoying in some code I have to deal in, although it wouldn't surprise me if someone watching a known temp location could use the predictability in some fashion. As for affect, all versions of python have this; attached patch is cut against trunk. |
|||
| msg143193 - (view) | Author: Ferringb (ferringb) * | Date: 2011年08月30日 00:33 | |
Bleh; pardon, reuploading the patch. hg export aparently appends to the output file rather than overwriting it (last patch had duplicated content in it). |
|||
| msg143195 - (view) | Author: Antoine Pitrou (pitrou) * (Python committer) | Date: 2011年08月30日 01:11 | |
Interesting, thank you. Two nits: - the test must be skipped where os.fork() isn't available (namely, under Windows) - I would do os.read(fd, 100) (or some other large value) rather than os.read(fd, 6), so that the test doesn't depend on the exact length of the random sequences produced |
|||
| msg143196 - (view) | Author: Ferringb (ferringb) * | Date: 2011年08月30日 02:07 | |
> the test must be skipped where os.fork() isn't available (namely, under Windows) Done, although I still humbly suggest telling windows to bugger off ;) > I would do os.read(fd, 100) (or some other large value) rather than os.read(fd, 6), so that the test doesn't depend on the exact length of the random sequences produced 100 is no different than 6 (same potential exists); better to just use the length from the parent side access to the PRNG. That leaves open the unlikely scenario of child returning 7 chars, parent 6, and child/parent agreeing on the first 6... which would very likely be a bug anyways. |
|||
| msg147078 - (view) | Author: Charles-François Natali (neologix) * (Python committer) | Date: 2011年11月05日 10:45 | |
The patch looks good to me. Note that the whole kill(pid, SIGKILL) looks overkill to me... |
|||
| msg148358 - (view) | Author: Roundup Robot (python-dev) (Python triager) | Date: 2011年11月25日 20:38 | |
New changeset 3c9ddd93c983 by Antoine Pitrou in branch '3.2': Issue #12856: Ensure child processes do not inherit the parent's random seed for filename generation in the tempfile module. http://hg.python.org/cpython/rev/3c9ddd93c983 New changeset 588087429809 by Antoine Pitrou in branch 'default': Issue #12856: Ensure child processes do not inherit the parent's random seed for filename generation in the tempfile module. http://hg.python.org/cpython/rev/588087429809 New changeset e42be90eb9c5 by Antoine Pitrou in branch '2.7': Issue #12856: Ensure child processes do not inherit the parent's random seed for filename generation in the tempfile module. http://hg.python.org/cpython/rev/e42be90eb9c5 |
|||
| msg148359 - (view) | Author: Antoine Pitrou (pitrou) * (Python committer) | Date: 2011年11月25日 20:39 | |
Patch committed, thank you! |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022年04月11日 14:57:21 | admin | set | github: 57065 |
| 2011年11月25日 20:39:51 | pitrou | set | status: open -> closed resolution: fixed messages: + msg148359 stage: patch review -> resolved |
| 2011年11月25日 20:38:20 | python-dev | set | nosy:
+ python-dev messages: + msg148358 |
| 2011年11月05日 10:45:46 | neologix | set | nosy:
+ neologix messages: + msg147078 |
| 2011年08月30日 02:07:47 | ferringb | set | files:
+ unique-seed-per-process-tempfile.patch messages: + msg143196 |
| 2011年08月30日 01:11:31 | pitrou | set | versions:
+ Python 2.7, Python 3.2, Python 3.3 nosy: + ncoghlan, pitrou messages: + msg143195 components: + Library (Lib) stage: patch review |
| 2011年08月30日 00:34:52 | ferringb | set | files: - unique-seed-per-process-tempfile.patch |
| 2011年08月30日 00:33:36 | ferringb | set | files:
+ unique-seed-per-process-tempfile.patch messages: + msg143193 |
| 2011年08月30日 00:31:52 | ferringb | create | |