Author christian.heimes
Recipients christian.heimes, eric.snow, lukasz.langa, vstinner
Date 2019-08-26.11:22:15
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1566818536.17.0.0640500218508.issue37951@roundup.psfhosted.org>
In-reply-to
Content
It's a bit more complicated. FreeIPA uses cryptography, which uses asn1crypto, which uses ctypes, which is broken in mod_wsgi due to bpo-34651. It's not just FreeIPA that is affected by the issue. Any application running in mod_wsgi is potentially affected and broken by bpo-34651.

1a) (modify FreeIPA) is not possible. IPA requires the additional features of the subprocess module.
1b) (modify ctypes) should be done in a separate ticket. I'm not sure why subprocess does not use posix_spawn() here. I guess it's the default value "close_fds=True"?
2) (avoid subinterpreters) would require a rewrite of mod_wsgi
3) (revert bpo-34651) is IMHO required for _posixsubprocess.fork_exec().

bpo-34651 is a backwards incompatible change that breaks existing applications that uses mod_wsgi. At least _posixsubprocess.fork_exec() should be reverted and the removal of fork() support should go through a proper deprecation cycle of two releases.

I'm bumping this up to release blocker and CC Ɓukasz.
History
Date User Action Args
2019-08-26 11:22:16christian.heimessetrecipients: + christian.heimes, vstinner, lukasz.langa, eric.snow
2019-08-26 11:22:16christian.heimessetmessageid: <1566818536.17.0.0640500218508.issue37951@roundup.psfhosted.org>
2019-08-26 11:22:16christian.heimeslinkissue37951 messages
2019-08-26 11:22:15christian.heimescreate