[3.9] gh-97514: Don't use Linux abstract sockets for multiprocessing (GH-98501)#98504
[3.9] gh-97514: Don't use Linux abstract sockets for multiprocessing (GH-98501)#98504ambv merged 1 commit intopython:3.9from
Conversation
…ythonGH-98501) Linux abstract sockets are insecure as they lack any form of filesystem permissions so their use allows anyone on the system to inject code into the process. This removes the default preference for abstract sockets in multiprocessing introduced in Python 3.9+ via python#18866 while fixing python#84031. Explicit use of an abstract socket by a user now generates a RuntimeWarning. If we choose to keep this warning, it should be backported to the 3.7 and 3.8 branches. (cherry picked from commit 49f6106) Co-authored-by: Gregory P. Smith <[email protected]>
miss-islington
force-pushed
the
backport-49f6106-3.9
branch
from
32b2d32 to
85178d5
Compare
|
Sorry, I can't merge this PR. Reason: |
|
Sorry, I can't merge this PR. Reason: |
1 similar comment
|
Sorry, I can't merge this PR. Reason: |
|
Sorry, I can't merge this PR. Reason: |
4 participants
Linux abstract sockets are insecure as they lack any form of filesystem
permissions so their use allows anyone on the system to inject code into
the process.
This removes the default preference for abstract sockets in
multiprocessing introduced in Python 3.9+ via
#18866 while fixing
#84031.
Explicit use of an abstract socket by a user now generates a
RuntimeWarning. If we choose to keep this warning, it should be
backported to the 3.7 and 3.8 branches.
(cherry picked from commit 49f6106)
Co-authored-by: Gregory P. Smith [email protected]