| msg143192 - (view) |
Author: Ferringb (ferringb) * |
Date: 2011-08-30 00:31 |
| Roughly; tempfile's uniqueness is derived from a global random instance; while there are protections for thread access, a forked child process /will/ inherit that PRNG source, resulting in children/parent trying the same set of names. Mostly it's proving annoying in some code I have to deal in, although it wouldn't surprise me if someone watching a known temp location could use the predictability in some fashion. As for affect, all versions of python have this; attached patch is cut against trunk. |
|
|
| msg143193 - (view) |
Author: Ferringb (ferringb) * |
Date: 2011-08-30 00:33 |
| Bleh; pardon, reuploading the patch. hg export aparently appends to the output file rather than overwriting it (last patch had duplicated content in it). |
|
|
| msg143195 - (view) |
Author: Antoine Pitrou (pitrou) *  |
Date: 2011-08-30 01:11 |
| Interesting, thank you. Two nits: - the test must be skipped where os.fork() isn't available (namely, under Windows) - I would do os.read(fd, 100) (or some other large value) rather than os.read(fd, 6), so that the test doesn't depend on the exact length of the random sequences produced |
|
|
| msg143196 - (view) |
Author: Ferringb (ferringb) * |
Date: 2011-08-30 02:07 |
| > the test must be skipped where os.fork() isn't available (namely, under Windows) Done, although I still humbly suggest telling windows to bugger off ;) > I would do os.read(fd, 100) (or some other large value) rather than os.read(fd, 6), so that the test doesn't depend on the exact length of the random sequences produced 100 is no different than 6 (same potential exists); better to just use the length from the parent side access to the PRNG. That leaves open the unlikely scenario of child returning 7 chars, parent 6, and child/parent agreeing on the first 6... which would very likely be a bug anyways. |
|
|
| msg147078 - (view) |
Author: Charles-François Natali (neologix) * |
Date: 2011-11-05 10:45 |
| The patch looks good to me. Note that the whole kill(pid, SIGKILL) looks overkill to me... |
|
|
| msg148358 - (view) |
Author: Roundup Robot (python-dev)  |
Date: 2011-11-25 20:38 |
| New changeset 3c9ddd93c983 by Antoine Pitrou in branch '3.2': Issue #12856: Ensure child processes do not inherit the parent's random seed for filename generation in the tempfile module. http://hg.python.org/cpython/rev/3c9ddd93c983 New changeset 588087429809 by Antoine Pitrou in branch 'default': Issue #12856: Ensure child processes do not inherit the parent's random seed for filename generation in the tempfile module. http://hg.python.org/cpython/rev/588087429809 New changeset e42be90eb9c5 by Antoine Pitrou in branch '2.7': Issue #12856: Ensure child processes do not inherit the parent's random seed for filename generation in the tempfile module. http://hg.python.org/cpython/rev/e42be90eb9c5 |
|
|
| msg148359 - (view) |
Author: Antoine Pitrou (pitrou) * |
Date: 2011-11-25 20:39 |
| Patch committed, thank you! |
|
|