git.ipfire.org Git - thirdparty/Python/cpython.git/commit

[3.11] gh-97514: Don't use Linux abstract sockets for multiprocessing (GH-98501) (GH-98502)

Linux abstract sockets are insecure as they lack any form of filesystem
permissions so their use allows anyone on the system to inject code into
the process.

This removes the default preference for abstract sockets in
multiprocessing introduced in Python 3.9+ via
https://github.com/python/cpython/pull/18866 while fixing
https://github.com/python/cpython/issues/84031.

Explicit use of an abstract socket by a user now generates a
RuntimeWarning. If we choose to keep this warning, it should be
backported to the 3.7 and 3.8 branches.
(cherry picked from commit 49f61068f49747164988ffc5a442d2a63874fc17)

Co-authored-by: Gregory P. Smith <greg@krypto.org>
Automerge-Triggered-By: GH:gpshead

author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
	Thu, 20 Oct 2022 23:55:37 +0000 (16:55 -0700)
committer	GitHub <noreply@github.com>
	Thu, 20 Oct 2022 23:55:37 +0000 (16:55 -0700)
commit	4686d77a04570a663164c03193d9def23c89b122
tree	fdf6e401ce577b2c0874675152dafe8bb6eb24a8	tree \| snapshot
parent	1520f4e45bc9d968a98d062ca6880387a0d98c08	commit \| diff

Lib/multiprocessing/connection.py		diff \| blob \| blame \| history
Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst	[new file with mode: 0644]	blob