This issue tracker has been migrated to GitHub ,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2013年01月29日 13:09 by vstinner, last changed 2022年04月11日 14:57 by admin. This issue is now closed.
| Files | ||||
|---|---|---|---|---|
| File name | Uploaded | Description | Edit | |
| cloexec_fs_walk.patch | vstinner, 2013年01月29日 13:09 | |||
| cloexec_listening_socket.patch | vstinner, 2013年01月29日 13:09 | |||
| cloexec_log_file.patch | vstinner, 2013年01月29日 13:09 | |||
| cloexec_misc.patch | vstinner, 2013年01月29日 13:09 | |||
| cloexec_subprocess.patch | vstinner, 2013年01月29日 13:09 | |||
| Messages (4) | |||
|---|---|---|---|
| msg180905 - (view) | Author: STINNER Victor (vstinner) * (Python committer) | Date: 2013年01月29日 13:09 | |
Attached patches use the new cloexec parameter added by the PEP 433 (see issue #17036). cloexec_fs_walk.patch: [security] don't leak a file descriptors of directories to a child processes cloexec_listening_socket.patch: [security] don't leak a listening socket to child processes, see also #12107 cloexec_log_file.patch: [security] don't leak the file descriptor of a log file to child processes cloexec_subprocess.patch: [security/bugs] don't leak file descriptors to child processes cloexec_misc.patch: misc mmodules "security" is a strong word: if subprocess is called with close_fds=True, there is no such problem at all. It's more a theorical problem if a process is created in another thread without using the subprocess module (but directly low level functions). |
|||
| msg194164 - (view) | Author: Charles-François Natali (neologix) * (Python committer) | Date: 2013年08月02日 08:34 | |
Time to close this one, since the PEP has been superseeded by PEP 446? |
|||
| msg195832 - (view) | Author: STINNER Victor (vstinner) * (Python committer) | Date: 2013年08月21日 22:41 | |
> Time to close this one, since the PEP has been superseeded by PEP 446? I prefer to wait until Guido decided for the PEP 446. |
|||
| msg196333 - (view) | Author: STINNER Victor (vstinner) * (Python committer) | Date: 2013年08月27日 23:25 | |
The PEP 446 has been implemented (see issue #18571), this issue can be closed. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022年04月11日 14:57:41 | admin | set | github: 61272 |
| 2013年08月27日 23:25:53 | vstinner | set | status: open -> closed resolution: fixed messages: + msg196333 |
| 2013年08月21日 22:41:44 | vstinner | set | messages: + msg195832 |
| 2013年08月02日 08:34:06 | neologix | set | messages: + msg194164 |
| 2013年01月29日 13:24:40 | vstinner | set | title: Use the new cloexec to improve security and avoid bugs -> PEP 433: Use the new cloexec to improve security and avoid bugs |
| 2013年01月29日 13:09:43 | vstinner | set | files: + cloexec_subprocess.patch |
| 2013年01月29日 13:09:36 | vstinner | set | files: + cloexec_misc.patch |
| 2013年01月29日 13:09:29 | vstinner | set | files: + cloexec_log_file.patch |
| 2013年01月29日 13:09:23 | vstinner | set | files: + cloexec_listening_socket.patch |
| 2013年01月29日 13:09:17 | vstinner | create | |