Message254168
The Windows implementation of Popen calls _make_inheritable(), which creates inheritable copies of Popen's file descriptors. If two Popen calls happen at the same time on different threads, these descriptors can leak to both child processes. Here's a demonstration of a deadlock caused by this bug:
https://gist.github.com/oconnor663/b1d39d58b232fc627d84
Victor Stinner also wrote up a summary of the security issues associated with leaking file descriptors in PEP 0446.
A workaround for this issue is to protect all Popen calls with a lock. Calls to wait() and communicate() don't need to be protected, so you can release the lock before you make those blocking calls. I don't see a way to safely use run() or the other convenience functions, if you're using pipes and multiple threads. Unfortunately close_fds=True is not allowed on Windows when any of stdin/stdout/stderr are set, which is going the be the case here.
Would it be feasible for Popen.__init__() to automatically protect the inheritable copies it creates, with a lock around that section? We already have the _waitpid_lock for POSIX, so it seems like thread safety is a goal. |
|
Date |
User |
Action |
Args |
2015-11-06 05:22:27 | oconnor663 | set | recipients:
+ oconnor663 |
2015-11-06 05:22:27 | oconnor663 | set | messageid: <1446787347.51.0.846654506724.issue25565@psf.upfronthosting.co.za> |
2015-11-06 05:22:27 | oconnor663 | link | issue25565 messages |
2015-11-06 05:22:26 | oconnor663 | create | |
|