[Python-Dev] Set close-on-exec flag by default in SocketServer

Senthil Kumaran senthil at uthcode.com
Wed Jan 9 18:12:41 CET 2013


On Wed, Jan 9, 2013 at 4:48 AM, Victor Stinner <victor.stinner at gmail.com> wrote:
> My question is: would you accept to break backward compatibility (in
> Python 3.4) to fix a potential security vulnerability?
>
> If not, an alternative is to add an option, disabled by default, to
> enable (or disable) explicitly close-on-exec in Python 3.4, and wait
> for 3.5 to enable the option by default. So applications might disable
> the flag explicitly in Python 3.4.

If the end goal is indeed going to close-on-exec ON by default, then I
think having it 3.4 itself is a good idea.
OFF for one release just gives the framework developers who use
SocketServer some additional time.

Usually, I have realized that framework devs try our release
candidates and see if they see any potential changes to be done. If
they realize this change in their testing, it would be good for both
parties.

So, my vote. +1 for  making that in 3.4

Thank you,
Senthil


More information about the Python-Dev mailing list