[Python-Dev] Proposal for a new function "open_noinherit" to avoid problems with subprocesses and security risks

"Martin v. Löwis" martin at v.loewis.de
Sat Jun 23 21:34:55 CEST 2007

> One fix is to always use subprocess.Popen and specify that
> close_fd=True, which wasn't difficult for me, but I can imagine that
> an easy way to set close-on-exec would be simpler in other cases.

I think the complaint is not so much about simplicity, but correctness.
close_fd also closes stdin/stdout/stderr, which might be undesirable
and differs from POSIX.

In any case, providing a uniform set-close-on-exec looks fine to me,
provided it is implementable on all interesting platforms.

I'm -0 on adding "n" to open, and -1 for adding if it means to
reimplement fopen.


More information about the Python-Dev mailing list