git.ipfire.org Git - thirdparty/Python/cpython.git/commit

[3.11] gh-97514: Don't use Linux abstract sockets for multiprocessing (GH-98501) (GH-98502)

Linux abstract sockets are insecure as they lack any form of filesystem
permissions so their use allows anyone on the system to inject code into
the process.

This removes the default preference for abstract sockets in
multiprocessing introduced in Python 3.9+ via
https://github.com/python/cpython/pull/18866 while fixing
https://github.com/python/cpython/issues/84031.

Explicit use of an abstract socket by a user now generates a
RuntimeWarning. If we choose to keep this warning, it should be
backported to the 3.7 and 3.8 branches.
(cherry picked from commit 49f61068f49747164988ffc5a442d2a63874fc17)

Co-authored-by: Gregory P. Smith <greg@krypto.org>
Automerge-Triggered-By: GH:gpshead

author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
	Thu, 20 Oct 2022 23:55:37 +0000 (16:55 -0700)
committer	Pablo Galindo <pablogsal@gmail.com>
	Sat, 22 Oct 2022 19:10:01 +0000 (20:10 +0100)
commit	4c0c1e201a896ee5141df9a698e8a94aad2d5e6d
tree	3afb69ef6a922aadeaf1bac54e24070135cbe8c5	tree \| snapshot
parent	d0ab10f6f0163c397af4412175fe9ca0b2d96b4b	commit \| diff

Lib/multiprocessing/connection.py		diff \| blob \| blame \| history
Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst	[new file with mode: 0644]	blob