Message350692
I close the issue. Python 3.7 and newer are fixed. Python 2.7 is still affected, but I consider that it's ok to leave the bug unfixed in this version.
--
> The random number generator now reseeds after a fork.
I confirm that it's done since Python 3.7, and Python 3.6 doesn't accept bugfixes anymore (only security fixes). So the issue is fixed in Python 3.7, 3.8 and master. For the record, the fix was this change:
commit 346cbd351ee0dd3ab9cb9f0e4cb625556707877e
Author: Antoine Pitrou <pitrou@free.fr>
Date: Sat May 27 17:50:54 2017 +0200
bpo-16500: Allow registering at-fork handlers (#1715)
Backporting this change to Python 3.6 and 3.5 would be too intrusive and risky. I don't think that this bug is important enough to be qualified as security vulnerability (the issue type is not "Security").
For Python 2.7, honestly, I don't think that the issue matters enough to justify to fix it today, knowning that Python 2.7 will reach its end of life at the end of the year. Moreover, apart Christian Heimes, no user ever complained about this issue.
Note: uuid.uuid4() always used os.urandom(16) which is not affected by this issue on fork. Only uuid.uuid1() and uuid.getnode() has the bug in Python 2.7. |
|
Date |
User |
Action |
Args |
2019-08-28 22:19:43 | vstinner | set | recipients:
+ vstinner, loewis, rhettinger, ncoghlan, pitrou, christian.heimes, Arfrever |
2019-08-28 22:19:43 | vstinner | set | messageid: <1567030783.37.0.00510592948716.issue15206@roundup.psfhosted.org> |
2019-08-28 22:19:43 | vstinner | link | issue15206 messages |
2019-08-28 22:19:42 | vstinner | create | |
|