diff -r bc88690df059 Lib/getpass.py --- a/Lib/getpass.py Tue Jan 29 13:35:00 2013 +0100 +++ b/Lib/getpass.py Tue Jan 29 14:04:01 2013 +0100 @@ -42,7 +42,7 @@ def unix_getpass(prompt='Password: ', st tty = None try: # Always try reading and writing directly on the tty first. - fd = os.open('/dev/tty', os.O_RDWR|os.O_NOCTTY) + fd = os.open('/dev/tty', os.O_RDWR|os.O_NOCTTY, cloexec=True) tty = os.fdopen(fd, 'w+', 1) input = tty if not stream: diff -r bc88690df059 Lib/http/server.py --- a/Lib/http/server.py Tue Jan 29 13:35:00 2013 +0100 +++ b/Lib/http/server.py Tue Jan 29 14:04:01 2013 +0100 @@ -710,7 +710,7 @@ class SimpleHTTPRequestHandler(BaseHTTPR return self.list_directory(path) ctype = self.guess_type(path) try: - f = open(path, 'rb') + f = open(path, 'rb', cloexec=True) except OSError: self.send_error(404, "File not found") return None diff -r bc88690df059 Lib/importlib/_bootstrap.py --- a/Lib/importlib/_bootstrap.py Tue Jan 29 13:35:00 2013 +0100 +++ b/Lib/importlib/_bootstrap.py Tue Jan 29 14:04:01 2013 +0100 @@ -125,7 +125,9 @@ def _write_atomic(path, data, mode=0o666 # id() is used to generate a pseudo-random filename. path_tmp = '{}.{}'.format(path, id(path)) fd = _os.open(path_tmp, - _os.O_EXCL | _os.O_CREAT | _os.O_WRONLY, mode & 0o666) + _os.O_EXCL | _os.O_CREAT | _os.O_WRONLY, + mode & 0o666, + cloexec=True) try: # We first write data to a temporary file, and then use os.replace() to # perform an atomic rename. diff -r bc88690df059 Lib/pty.py --- a/Lib/pty.py Tue Jan 29 13:35:00 2013 +0100 +++ b/Lib/pty.py Tue Jan 29 14:04:01 2013 +0100 @@ -63,7 +63,7 @@ def _open_terminal(): for y in '0123456789abcdef': pty_name = '/dev/pty' + x + y try: - fd = os.open(pty_name, os.O_RDWR) + fd = os.open(pty_name, os.O_RDWR, cloexec=True) except OSError: continue return (fd, '/dev/tty' + x + y) @@ -75,7 +75,7 @@ def slave_open(tty_name): opened filedescriptor. Deprecated, use openpty() instead.""" - result = os.open(tty_name, os.O_RDWR) + result = os.open(tty_name, os.O_RDWR, cloexec=True) try: from fcntl import ioctl, I_PUSH except ImportError: @@ -119,7 +119,7 @@ def fork(): os.close (slave_fd) # Explicitly open the tty to make it become a controlling tty. - tmp_fd = os.open(os.ttyname(STDOUT_FILENO), os.O_RDWR) + tmp_fd = os.open(os.ttyname(STDOUT_FILENO), os.O_RDWR, cloexec=True) os.close(tmp_fd) else: os.close(slave_fd) diff -r bc88690df059 Lib/pydoc.py --- a/Lib/pydoc.py Tue Jan 29 13:35:00 2013 +0100 +++ b/Lib/pydoc.py Tue Jan 29 14:04:01 2013 +0100 @@ -265,7 +265,7 @@ class ErrorDuringImport(Exception): def importfile(path): """Import a Python source file or compiled file given its path.""" magic = imp.get_magic() - with open(path, 'rb') as file: + with open(path, 'rb', cloexec=True) as file: if file.read(len(magic)) == magic: kind = imp.PY_COMPILED else: @@ -1426,7 +1426,7 @@ def tempfilepager(text, cmd): """Page through text by invoking a program on a temporary file.""" import tempfile filename = tempfile.mktemp() - file = open(filename, 'w') + file = open(filename, 'w', cloexec=True) file.write(text) file.close() try: @@ -1580,7 +1580,7 @@ def writedoc(thing, forceload=0): try: object, name = resolve(thing, forceload) page = html.page(describe(object), html.document(object, name)) - file = open(name + '.html', 'w', encoding='utf-8') + file = open(name + '.html', 'w', encoding='utf-8', cloexec=True) file.write(page) file.close() print('wrote', name + '.html') @@ -2471,7 +2471,7 @@ def _url_handler(url, content_type="text if content_type == 'text/css': path_here = os.path.dirname(os.path.realpath(__file__)) css_path = os.path.join(path_here, url) - with open(css_path) as fp: + with open(css_path, cloexec=True) as fp: return ''.join(fp.readlines()) elif content_type == 'text/html': return get_html_page(url) diff -r bc88690df059 Lib/tempfile.py --- a/Lib/tempfile.py Tue Jan 29 13:35:00 2013 +0100 +++ b/Lib/tempfile.py Tue Jan 29 14:04:01 2013 +0100 @@ -151,7 +151,7 @@ def _get_default_tempdir(): name = next(namer) filename = _os.path.join(dir, name) try: - fd = _os.open(filename, _bin_openflags, 0o600) + fd = _os.open(filename, _bin_openflags, 0o600, cloexec=True) fp = _io.open(fd, 'wb') fp.write(b'blat') fp.close() diff -r bc88690df059 Lib/urllib/request.py --- a/Lib/urllib/request.py Tue Jan 29 13:35:00 2013 +0100 +++ b/Lib/urllib/request.py Tue Jan 29 14:04:01 2013 +0100 @@ -193,7 +193,7 @@ def urlretrieve(url, filename=None, repo # Handle temporary file setup. if filename: - tfp = open(filename, 'wb') + tfp = open(filename, 'wb', cloexec=True) else: tfp = tempfile.NamedTemporaryFile(delete=False) filename = tfp.name @@ -1443,7 +1443,7 @@ class FileHandler(BaseHandler): origurl = 'file://' + host + filename else: origurl = 'file://' + filename - return addinfourl(open(localfile, 'rb'), headers, origurl) + return addinfourl(open(localfile, 'rb', cloexec=True), headers, origurl) except OSError as exp: # users shouldn't expect OSErrors coming from urlopen() raise URLError(exp) @@ -1694,7 +1694,7 @@ class URLopener: fullurl = quote(fullurl, safe="%/:=&?~#+!$,;'@()*[]|") if self.tempcache and fullurl in self.tempcache: filename, headers = self.tempcache[fullurl] - fp = open(filename, 'rb') + fp = open(filename, 'rb', cloexec=True) return addinfourl(fp, headers, fullurl) urltype, url = splittype(fullurl) if not urltype: @@ -1754,7 +1754,7 @@ class URLopener: try: headers = fp.info() if filename: - tfp = open(filename, 'wb') + tfp = open(filename, 'wb', cloexec=True) else: import tempfile garbage, path = splittype(url) @@ -1957,7 +1957,7 @@ class URLopener: urlfile = file if file[:1] == '/': urlfile = 'file://' + file - return addinfourl(open(localname, 'rb'), headers, urlfile) + return addinfourl(open(localname, 'rb', cloexec=True), headers, urlfile) host, port = splitport(host) if (not port and socket.gethostbyname(host) in ((localhost(),) + thishost())): @@ -1966,7 +1966,7 @@ class URLopener: urlfile = 'file://' + file elif file[:2] == './': raise ValueError("local file url may start with / or file:. Unknown url of type: %s" % url) - return addinfourl(open(localname, 'rb'), headers, urlfile) + return addinfourl(open(localname, 'rb', cloexec=True), headers, urlfile) raise URLError('local file error: not on local host') def open_ftp(self, url): diff -r bc88690df059 Lib/venv/__init__.py --- a/Lib/venv/__init__.py Tue Jan 29 13:35:00 2013 +0100 +++ b/Lib/venv/__init__.py Tue Jan 29 14:04:01 2013 +0100 @@ -157,7 +157,7 @@ class EnvBuilder: being processed. """ context.cfg_path = path = os.path.join(context.env_dir, 'pyvenv.cfg') - with open(path, 'w', encoding='utf-8') as f: + with open(path, 'w', encoding='utf-8', cloexec=True) as f: f.write('home = %s\n' % context.python_dir) if self.system_site_packages: incl = 'true' @@ -309,7 +309,7 @@ class EnvBuilder: if not os.path.exists(dstdir): os.makedirs(dstdir) dstfile = os.path.join(dstdir, f) - with open(srcfile, 'rb') as f: + with open(srcfile, 'rb', cloexec=True) as f: data = f.read() if srcfile.endswith('.exe'): mode = 'wb' @@ -323,7 +323,7 @@ class EnvBuilder: logger.warning('unable to copy script %r, ' 'may be binary: %s', srcfile, e) if data is not None: - with open(dstfile, mode) as f: + with open(dstfile, mode, cloexec=True) as f: f.write(data) shutil.copymode(srcfile, dstfile) diff -r bc88690df059 PC/_msi.c --- a/PC/_msi.c Tue Jan 29 13:35:00 2013 +0100 +++ b/PC/_msi.c Tue Jan 29 14:04:01 2013 +0100 @@ -55,7 +55,7 @@ static FNFCIFREE(cb_free) static FNFCIOPEN(cb_open) { - int result = _open(pszFile, oflag, pmode); + int result = _open(pszFile, oflag | O_NOINHERIT, pmode); if (result == -1) *err = errno; return result; @@ -179,7 +179,7 @@ static FNFCIGETOPENINFO(cb_getopeninfo) CloseHandle(handle); - return _open(pszName, _O_RDONLY | _O_BINARY); + return _open(pszName, _O_RDONLY | _O_BINARY | O_NOINHERIT); } static PyObject* fcicreate(PyObject* obj, PyObject* args)