From: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Date: Mon, 27 Apr 2026 01:48:39 +0000 (+0200)
Subject: [3.13] Document that multiprocessing treats local same-user processes as trusted... 
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=9e68f174c2f4a7478862b4d5ce98a93ccd635955;p=thirdparty%2FPython%2Fcpython.git

[3.13] Document that multiprocessing treats local same-user processes as trusted (GH-149001) (#149034)

Document that multiprocessing treats local same-user processes as trusted (GH-149001)

Clarify in the Authentication keys section that the authkey handshake
covers Listener/Client (addressable endpoints) only, not the anonymous
pipes behind Pipe() and Queue, and that isolation between same-user
processes must be arranged at the OS level.
(cherry picked from commit f27e91e37212f148b8fe72a3656a69b242625622)

Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
---

diff --git a/Doc/library/multiprocessing.rst b/Doc/library/multiprocessing.rst
index 78a38da427c8..eab6bbecb468 100644
--- a/Doc/library/multiprocessing.rst
+++ b/Doc/library/multiprocessing.rst
@@ -2829,6 +2829,16 @@ between themselves.
 
 Suitable authentication keys can also be generated by using :func:`os.urandom`.
 
+This authentication protects :class:`Listener` and :func:`Client` connections,
+which are reachable by address.  It is not applied to the anonymous pipes
+created by :func:`~multiprocessing.Pipe` or used internally by
+:class:`~multiprocessing.Queue`.
+:mod:`multiprocessing` treats all local processes running as the same user as
+trusted; on most operating systems such processes can access each other's pipe
+file descriptors regardless.  Applications that require isolation between
+processes of the same user must arrange it at the operating-system level --
+for example, by running workers under a different user account or in a sandbox.
+
 
 Logging
 ^^^^^^^