classification
Title: multiprocessing.managers.BaseManager.__reduce__ references BaseManager.from_address
Type: behavior Stage: needs patch
Components: Library (Lib) Versions: Python 3.2, Python 3.1, Python 2.7, Python 2.6
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: jnoller Nosy List: Hugo.Shi, asksol, jnoller, mark.dickinson, peterhunt, r.david.murray
Priority: normal Keywords: easy

Created on 2009-12-14 18:48 by peterhunt, last changed 2010-11-20 18:23 by Hugo.Shi.

Messages (5)
msg96392 - (view) Author: Pete Hunt (peterhunt) Date: 2009-12-14 18:48 
BaseManager.__reduce__ references from_address, which, to my knowledge, 
has been eliminated from the package.
msg96398 - (view) Author: R. David Murray (r.david.murray) * (Python committer) Date: 2009-12-14 19:42 
See also issue 5862 and issue 3518.  One or more of these three tickets
could possibly be closed as duplicates.
msg121699 - (view) Author: Hugo Shi (Hugo.Shi) Date: 2010-11-20 18:05 
Does BaseManager need to be pickleable?  It looks like it contains an AuthenticationKey which should NOT be pickled for security reasons.  All the unit tests pass if we remove the __reduce__ method.  Is that the fix?
msg121702 - (view) Author: Mark Dickinson (mark.dickinson) * (Python committer) Date: 2010-11-20 18:19 
Questions:

(1) Did you run the unittests on Windows?  I think there are stronger requirements for pickleability there.

(2) What specific security issues do you anticipate from pickling the authentication key?
msg121705 - (view) Author: Hugo Shi (Hugo.Shi) Date: 2010-11-20 18:23 
I didn't run the unittests in windows, But I don't have the capability to do so at the moment.  I maybe able to do this on monday

I don't know why AuthenticationKey has security issues with being pickled, however in process.py


#                                                                                                                                                                                                 
# We subclass bytes to avoid accidental transmission of auth keys over network                                                                                                                    
#                                                                                                                                                                                                 

class AuthenticationString(bytes):
    def __reduce__(self):
        from .forking import Popen
        if not Popen.thread_is_spawning():
            raise TypeError(
                'Pickling an AuthenticationString object is '
                'disallowed for security reasons'
                )
        return AuthenticationString, (bytes(self),)
History
Date User Action Args
2010-11-20 18:23:42Hugo.Shisetmessages: + msg121705
2010-11-20 18:19:09mark.dickinsonsetnosy: + mark.dickinson
messages: + msg121702
2010-11-20 18:05:36brian.curtinsetnosy: + asksol
2010-11-20 18:05:04Hugo.Shisetnosy: + Hugo.Shi
messages: + msg121699
2009-12-14 19:42:35r.david.murraysetversions: + Python 3.1, Python 2.7, Python 3.2
2009-12-14 19:42:24r.david.murrayset
nosy: + r.david.murray, jnoller
messages: + msg96398
priority: normal
assignee: jnoller
keywords: + easy
stage: needs patch
2009-12-14 18:48:55peterhuntcreate