[Python-Dev] Set close-on-exec flag by default in SocketServer (original) (raw)
Charles-François Natali neologix at free.fr
Thu Jan 10 09:06:25 CET 2013
- Previous message: [Python-Dev] Set close-on-exec flag by default in SocketServer
- Next message: [Python-Dev] fork or exec?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
The SocketServer class creates a socket to listen on clients, and a new socket per client (only for stream server like TCPServer, not for UDPServer).
Until recently (2011-05-24, issue #5715), the listening socket was not closed after fork for the ForkingMixIn flavor. This caused two issues: it's a security leak, and it causes "address already in use" error if the server is restarted (see the first message of #12107 for an example with Django).
Note that the server socket is actually still not closed in the child process: one this gets fixed, setting FD_CLOEXEC will not be useful anymore (but it would be an extra security it it could be done atomically, especially against race conditions in multi-threaded applications). (Same thing for the client socket, which is actually already closed in the parent process).
As for the backward compatibility issue, here's a thought: subprocess was changed in 3.2 to close all FDs > 2 in the child process by default. AFAICT, we didn't get a single report complaining about this behavior change. OTOH, we did get numerous bug reports due to FDs inherited by subprocesses before that change. (I know that Python >= 3.2 is less widespread than its predecessors, but still).
- Previous message: [Python-Dev] Set close-on-exec flag by default in SocketServer
- Next message: [Python-Dev] fork or exec?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]