Author vstinner
Recipients neologix, vstinner
Date 2013-01-29.13:09:17
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1359464957.74.0.458887600287.issue17070@psf.upfronthosting.co.za>
In-reply-to
Content
Attached patches use the new cloexec parameter added by the PEP 433 (see issue #17036).

cloexec_fs_walk.patch: [security] don't leak a file descriptors of directories to a child processes
cloexec_listening_socket.patch: [security] don't leak a listening socket to child processes, see also #12107
cloexec_log_file.patch: [security] don't leak the file descriptor of a log file to child processes
cloexec_subprocess.patch: [security/bugs] don't leak file descriptors to child processes
cloexec_misc.patch: misc mmodules

"security" is a strong word: if subprocess is called with close_fds=True, there is no such problem at all. It's more a theorical problem if a process is created in another thread without using the subprocess module (but directly low level functions).
History
Date User Action Args
2013-01-29 13:09:17vstinnersetrecipients: + vstinner, neologix
2013-01-29 13:09:17vstinnersetmessageid: <1359464957.74.0.458887600287.issue17070@psf.upfronthosting.co.za>
2013-01-29 13:09:17vstinnerlinkissue17070 messages
2013-01-29 13:09:17vstinnercreate