[Python-Dev] Set close-on-exec flag by default in SocketServer (original) (raw)

Senthil Kumaran senthil at uthcode.com
Wed Jan 9 18:12:41 CET 2013

• Previous message: [Python-Dev] Set close-on-exec flag by default in SocketServer
• Next message: [Python-Dev] Set close-on-exec flag by default in SocketServer
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jan 9, 2013 at 4:48 AM, Victor Stinner <victor.stinner at gmail.com> wrote:

My question is: would you accept to break backward compatibility (in Python 3.4) to fix a potential security vulnerability?

If not, an alternative is to add an option, disabled by default, to enable (or disable) explicitly close-on-exec in Python 3.4, and wait for 3.5 to enable the option by default. So applications might disable the flag explicitly in Python 3.4.

If the end goal is indeed going to close-on-exec ON by default, then I think having it 3.4 itself is a good idea. OFF for one release just gives the framework developers who use SocketServer some additional time.

Usually, I have realized that framework devs try our release candidates and see if they see any potential changes to be done. If they realize this change in their testing, it would be good for both parties.

So, my vote. +1 for making that in 3.4

Thank you, Senthil

• Previous message: [Python-Dev] Set close-on-exec flag by default in SocketServer
• Next message: [Python-Dev] Set close-on-exec flag by default in SocketServer
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list