[Python-Dev] PEP 433: Add cloexec argument to functions creating file descriptors

Antoine Pitrou solipsis at pitrou.net
Sun Jan 13 14:53:50 CET 2013

• Previous message: [Python-Dev] PEP 433: Add cloexec argument to functions creating file descriptors
• Next message: [Python-Dev] PEP 433: Add cloexec argument to functions creating file descriptors
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

On 2013年1月13日 23:49:32 +1000
Nick Coghlan <ncoghlan at gmail.com> wrote:
>> > (it's not even just a security issue: letting a bound socket open and
> > therefore being unable to re-use the same port is a bug even when
> > security is not a concern)
>> Agreed, but it's the security implications that let us even
> contemplate the backwards compatibility break. We either let
> inexperienced users continue to write insecure software by default, or
> we close the loophole and tell experienced users "hey, to upgrade to
> Python 3.4, you will need to address this change in behaviour".
>> The nice thing is that with enough advance warning, they should be
> able to update their code to forcibly clear the flag in a way that
> works even on earlier Python versions.
>> A more conservative approach, based on the steps taken in introducing
> hash randomisation, would be to expose the setting as an environment
> variable in 3.4, and then switch the default behaviour in 3.5.

The "more conservative approach" sounds good to me :-)
Regards
Antoine.

---

• Previous message: [Python-Dev] PEP 433: Add cloexec argument to functions creating file descriptors
• Next message: [Python-Dev] PEP 433: Add cloexec argument to functions creating file descriptors
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the Python-Dev mailing list