[Python-Dev] PEP 433: Add cloexec argument to functions creating file descriptors

Nick Coghlan ncoghlan at gmail.com
Sun Jan 13 13:44:06 CET 2013


On Sun, Jan 13, 2013 at 9:43 PM, Antoine Pitrou <solipsis at pitrou.net> wrote:
> As for the opacity, feel free to propose something better
> ("close_on_spawn", whatever). But I'm definitely and strongly -1
> on "noinherit".

That's the main reason I quite like "sensitive" as a term for this,
since it decouples the user statement ("this file descriptor provides
access to potentially sensitive information") from the steps the
interpreter promises to take to protect that information (such as
closing it before executing a different program or ensuring it isn't
inherited by child processes).

We can then define a glossary entry for "sensitive" that explains the
consequences of flagging a descriptor as sensitive on the various
operating systems (i.e. setting cloexec on POSIX and noinherit on
Windows). As the platforms provide additional security mechanisms, we
can provide them without needing to change the user-facing APIs.

Cheers,
Nick.



-- 
Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia
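
The POSIX half of the behaviour discussed above (setting cloexec on a descriptor), as an added example that is not part of the original message or of PEP 433. It is POSIX-only; the helper names `set_cloexec`, `visible_in_child` and `demo` are hypothetical, and the pipe is a constructed stand-in for a descriptor that guards sensitive data.

```python
import fcntl
import os
import subprocess
import sys

# Child program: report whether the given descriptor number is open after exec.
CHILD = (
    "import os, sys\n"
    "try:\n"
    "    os.fstat(int(sys.argv[1]))\n"
    "    print('open')\n"
    "except OSError:\n"
    "    print('closed')\n"
)


def set_cloexec(fd, enabled):
    """Set or clear FD_CLOEXEC on fd, preserving the other descriptor flags."""
    flags = fcntl.fcntl(fd, fcntl.F_GETFD)
    if enabled:
        flags |= fcntl.FD_CLOEXEC
    else:
        flags &= ~fcntl.FD_CLOEXEC
    fcntl.fcntl(fd, fcntl.F_SETFD, flags)


def visible_in_child(fd):
    """Exec a new interpreter without bulk-closing fds; True if fd survived."""
    out = subprocess.check_output(
        [sys.executable, "-c", CHILD, str(fd)],
        close_fds=False,  # rely only on the per-descriptor flag
    )
    return out.strip() == b"open"


def demo():
    """Return (leaked_without_flag, leaked_with_flag) for a constructed pipe."""
    r, w = os.pipe()  # constructed stand-in for a sensitive descriptor
    try:
        set_cloexec(r, False)
        without_flag = visible_in_child(r)
        set_cloexec(r, True)
        with_flag = visible_in_child(r)
        return without_flag, with_flag
    finally:
        os.close(r)
        os.close(w)


if __name__ == "__main__":
    print(demo())
```

`close_fds=False` is used so that the result depends only on the per-descriptor flag rather than on `subprocess` closing every descriptor above 2 before the exec.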

