This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author gregory.p.smith
Recipients gregory.p.smith, izbyshev, vstinner
Date 2020-12-27.20:41:08
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1609101669.05.0.0810636344929.issue42738@roundup.psfhosted.org>
In-reply-to
Content
Note that vfork() support has been merged for 3.10 via bpo-35823, so posix_spawn() is less of a performance carrot than it used to be on Linux.  vfork() exists macOS, that code could likely be enabled there after some investigation+testing.

Regardless, changing this default sounds difficult due to the variety of things depending on the existing behavior - potentially for security issues as you've noted - when running in a process with other file descriptors potentially not managed by Python (ie: extension modules) that don't explicitly use CLOEXEC.

The subprocess APIs are effectively evolving to become lower level over time as we continually find warts in them that need addressing but find defaults that cannot change due to existing uses.  A higher level "best practices for launching child processes module" with APIs reflecting explicit intents (performance vs security vs simplicity) rather than requiring users to understand subprocess platform specific details may be a good idea at this point (on PyPI I assume).

We changed posix close_fds default to True in 3.2 when Jeffrey and I wrote _posixsubprocess to better match the behavior most users actually want - undoing that doesn't feel right.
History
Date User Action Args
2020-12-27 20:41:09gregory.p.smithsetrecipients: + gregory.p.smith, vstinner, izbyshev
2020-12-27 20:41:09gregory.p.smithsetmessageid: <1609101669.05.0.0810636344929.issue42738@roundup.psfhosted.org>
2020-12-27 20:41:09gregory.p.smithlinkissue42738 messages
2020-12-27 20:41:08gregory.p.smithcreate