This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author Yaniv.Aknin
Recipients Yaniv.Aknin, christian.heimes
Date 2010-04-07.13:08:49
SpamBayes Score 7.671641e-14
Marked as misclassified No
Message-id <1270645733.92.0.808253019629.issue6610@psf.upfronthosting.co.za>
In-reply-to
Content 
It seems to me that subprocess is protected against this flaw. Python 2.x has a pure-Python implementation of the child logic (which is susceptible to an unrelated issue). Python 3.x has a C implementation which falls back to pure-Python if the former is not available.

Both implementations test explicitly that they're not closing standard file descriptors after the dup2() call in the child. It is my understanding that test is sufficient, I couldn't reproduce the bug in Python, and thus I think this issue should be closed.

All that said, there was no coverage in subprocess' test for this particular case (spawning a coprocess when the standard fds closed). I'm attaching a patch which adds a testcase to cover it.
History
Date User Action Args
2010-04-07 13:08:54Yaniv.Akninsetrecipients: + Yaniv.Aknin, christian.heimes
2010-04-07 13:08:53Yaniv.Akninsetmessageid: <1270645733.92.0.808253019629.issue6610@psf.upfronthosting.co.za>
2010-04-07 13:08:52Yaniv.Akninlinkissue6610 messages
2010-04-07 13:08:51Yaniv.Aknincreate