classification
Title: multiprocessing.managers.BaseManager.__reduce__ references BaseManager.from_address
Type: behavior Stage: resolved
Components: Library (Lib) Versions: Python 3.4, Python 3.5, Python 2.7
process
Status: closed Resolution: out of date
Dependencies: Superseder:
Assigned To: jnoller Nosy List: Hugo.Shi, asksol, berker.peksag, jnoller, mark.dickinson, peterhunt, r.david.murray
Priority: normal Keywords: easy

Created on 2009-12-14 18:48 by peterhunt, last changed 2014-06-29 10:51 by berker.peksag. This issue is now closed.

Messages (6)
msg96392 - (view) Author: Pete Hunt (peterhunt) Date: 2009-12-14 18:48
BaseManager.__reduce__ references from_address, which, to my knowledge, 
has been eliminated from the package.
msg96398 - (view) Author: R. David Murray (r.david.murray) * (Python committer) Date: 2009-12-14 19:42
See also issue 5862 and issue 3518.  One or more of these three tickets
could possibly be closed as duplicates.
msg121699 - (view) Author: Hugo Shi (Hugo.Shi) Date: 2010-11-20 18:05
Does BaseManager need to be pickleable?  It looks like it contains an AuthenticationKey which should NOT be pickled for security reasons.  All the unit tests pass if we remove the __reduce__ method.  Is that the fix?
msg121702 - (view) Author: Mark Dickinson (mark.dickinson) * (Python committer) Date: 2010-11-20 18:19
Questions:

(1) Did you run the unittests on Windows?  I think there are stronger requirements for pickleability there.

(2) What specific security issues do you anticipate from pickling the authentication key?
msg121705 - (view) Author: Hugo Shi (Hugo.Shi) Date: 2010-11-20 18:23
I didn't run the unittests in windows, But I don't have the capability to do so at the moment.  I maybe able to do this on monday

I don't know why AuthenticationKey has security issues with being pickled, however in process.py


#                                                                                                                                                                                                 
# We subclass bytes to avoid accidental transmission of auth keys over network                                                                                                                    
#                                                                                                                                                                                                 

class AuthenticationString(bytes):
    def __reduce__(self):
        from .forking import Popen
        if not Popen.thread_is_spawning():
            raise TypeError(
                'Pickling an AuthenticationString object is '
                'disallowed for security reasons'
                )
        return AuthenticationString, (bytes(self),)
msg221836 - (view) Author: Berker Peksag (berker.peksag) * (Python committer) Date: 2014-06-29 10:51
This has already been fixed in c2910971eb86 (see issue 3518).
History
Date User Action Args
2014-06-29 10:51:22berker.peksagsetstatus: open -> closed

nosy: + berker.peksag
messages: + msg221836

resolution: out of date
stage: needs patch -> resolved
2014-06-27 21:23:25BreamoreBoysetversions: + Python 3.4, Python 3.5, - Python 2.6, Python 3.1, Python 3.2
2010-11-20 18:23:42Hugo.Shisetmessages: + msg121705
2010-11-20 18:19:09mark.dickinsonsetnosy: + mark.dickinson
messages: + msg121702
2010-11-20 18:05:36brian.curtinsetnosy: + asksol
2010-11-20 18:05:04Hugo.Shisetnosy: + Hugo.Shi
messages: + msg121699
2009-12-14 19:42:35r.david.murraysetversions: + Python 3.1, Python 2.7, Python 3.2
2009-12-14 19:42:24r.david.murraysetpriority: normal

assignee: jnoller

keywords: + easy
nosy: + r.david.murray, jnoller
messages: + msg96398
stage: needs patch
2009-12-14 18:48:55peterhuntcreate