git.ipfire.org Git - thirdparty/Python/cpython.git/commit

[3.10] gh-97514: Don't use Linux abstract sockets for multiprocessing (GH-98501) (GH-98503)

Linux abstract sockets are insecure as they lack any form of filesystem
permissions so their use allows anyone on the system to inject code into
the process.

This removes the default preference for abstract sockets in
multiprocessing introduced in Python 3.9+ via
https://github.com/python/cpython/pull/18866 while fixing
https://github.com/python/cpython/issues/84031.

Explicit use of an abstract socket by a user now generates a
RuntimeWarning. If we choose to keep this warning, it should be
backported to the 3.7 and 3.8 branches.
(cherry picked from commit 49f61068f49747164988ffc5a442d2a63874fc17)

Co-authored-by: Gregory P. Smith <greg@krypto.org>
Automerge-Triggered-By: GH:gpshead

author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
	Thu, 20 Oct 2022 23:55:51 +0000 (16:55 -0700)
committer	GitHub <noreply@github.com>
	Thu, 20 Oct 2022 23:55:51 +0000 (16:55 -0700)
commit	eae692eed18892309bcc25a2c0f8980038305ea2
tree	8a97ac3bf4f54c7c066265378d8981b82e9178ab	tree \| snapshot
parent	0db4c5990c7b994e0272b7812e2692d110ab2aec	commit \| diff

Lib/multiprocessing/connection.py		diff \| blob \| blame \| history
Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst	[new file with mode: 0644]	blob