[Python-bugs-list] [ python-Bugs-510910 ] File inheritance across exec/spawn
noreply@sourceforge.net
noreply@sourceforge.net
Fri, 22 Mar 2002 14:49:56 -0800
Bugs item #510910, was opened at 2002-01-30 16:26
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=510910&group_id=5470
Category: Python Library
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Tim Peters (tim_one)
Assigned to: Nobody/Anonymous (nobody)
Summary: File inheritance across exec/spawn
Initial Comment:
For 2.3, I added a new tempfile.TemporaryFile
implementation for Windows that (among other good
things) arranges that spawned processes will no longer
inherit the temp files' underlying open file
descriptors. There are multiple reasons for doing so
on Windows, and one that's "an issue" across all
platforms is security.
Temp files may (will, AFAICT) still get inherited on
other platforms. And inheriting open files of other
kinds may still be an issue on all platforms.
Guido sez (from email):
"""
This is exactly what happens on Unix, I'm afraid. Is
there a way around that? Across fork(), I think it's
fair (might be intentional). Across exec(), I think
there's no point. We should use fcntl() with F_SETFD
to set the FD_CLOEXEC bit.
"""
There is no fork on Windows, so life is simpler there;
OTOH, there's no FD_CLOEXEC bit on Windows either, so
life is harder there if we want to extend this to
other files. I'm inclined to think we should stick to
setting policy only for temp files; *we* create them,
and the user has no control over how we create them.
For files the user opens themself, they can get at
FD_CLOEXEC (on platforms supporting it) from Python.
They can also get at O_NOINHERIT on Windows in 2.3
(when using os.open()).
----------------------------------------------------------------------
>Comment By: Tim Peters (tim_one)
Date: 2002-03-22 17:49
Message:
Logged In: YES
user_id=31435
I expect Guido is suggesting at least that, and since it's
my bug report <wink> I'd be happy to close it if that much
is done. Security Geeks may or may not wish to argue that
all files opened by Python do likewise, but, if so, they
can open their bug report.
----------------------------------------------------------------------
Comment By: Neil Schemenauer (nascheme)
Date: 2002-03-22 17:35
Message:
Logged In: YES
user_id=35752
What's the bug here? I'm guessing that Guido is suggesting
that TemporaryFile set the FD_CLOEXEC. Is that right?
----------------------------------------------------------------------
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=105470&aid=510910&group_id=5470