[New-bugs-announce] [issue17070] Use the new cloexec to improve security and avoid bugs

STINNER Victor report at bugs.python.org
Tue Jan 29 14:09:17 CET 2013

New submission from STINNER Victor:

Attached patches use the new cloexec parameter added by the PEP 433 (see issue #17036).

cloexec_fs_walk.patch: [security] don't leak a file descriptors of directories to a child processes
cloexec_listening_socket.patch: [security] don't leak a listening socket to child processes, see also #12107
cloexec_log_file.patch: [security] don't leak the file descriptor of a log file to child processes
cloexec_subprocess.patch: [security/bugs] don't leak file descriptors to child processes
cloexec_misc.patch: misc mmodules

"security" is a strong word: if subprocess is called with close_fds=True, there is no such problem at all. It's more a theorical problem if a process is created in another thread without using the subprocess module (but directly low level functions).

components: Library (Lib)
files: cloexec_fs_walk.patch
keywords: patch
messages: 180905
nosy: haypo, neologix
priority: normal
severity: normal
status: open
title: Use the new cloexec to improve security and avoid bugs
versions: Python 3.4
Added file: http://bugs.python.org/file28888/cloexec_fs_walk.patch

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list