[Python-Dev] PEP 433: Add cloexec argument to functions creating file descriptors
Antoine Pitrou solipsis at pitrou.net
Sun Jan 13 14:22:33 CET 2013
On Sun, 13 Jan 2013 22:44:06 +1000 Nick Coghlan <ncoghlan at gmail.com> wrote:
> On Sun, Jan 13, 2013 at 9:43 PM, Antoine Pitrou <solipsis at pitrou.net> wrote:
> > As for the opacity, feel free to propose something better
> > ("closeonspawn", whatever). But I'm definitely and strongly -1
> > on "noinherit".
>
> That's the main reason I quite like "sensitive" as a term for this, since it decouples the user statement ("this file descriptor provides access to potentially sensitive information") from the steps the interpreter promises to take to protect that information (such as closing it before executing a different program or ensuring it isn't inherited by child processes).
This assumes that some file descriptors are not "sensitive", which sounds a bit weird to me (since a fd will by definition give access to a system resource). What should happen is that no file descriptors are inherited on exec(), except for those few ones which are necessary for proper operation of the exec()ed process.
(It's not even just a security issue: leaving a bound socket open and therefore being unable to re-use the same port is a bug even when security is not a concern.)
Regards
Antoine.
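
The inheritance behaviour discussed in this message can be observed directly. The following is an added example, not part of the original post or of PEP 433: it assumes a POSIX system and Python 3.5 or later, and the helper names (`survives_exec`, `has_cloexec`, `demo`) are illustrative. It checks whether a listening socket's descriptor is still open in a freshly exec()ed child, with and without the close-on-exec flag.

```python
import fcntl
import os
import socket
import subprocess
import sys

# Child program: report whether the fd number given in argv[1] is open after exec().
CHILD = """
import os, sys
try:
    os.fstat(int(sys.argv[1]))
    print("open")
except OSError:
    print("closed")
"""

def survives_exec(fd):
    """Start a new interpreter and ask it whether fd is still open.
    close_fds=False turns off subprocess's own cleanup, so only the
    FD_CLOEXEC flag on the descriptor decides the outcome."""
    out = subprocess.run([sys.executable, "-c", CHILD, str(fd)],
                         close_fds=False, stdout=subprocess.PIPE, check=True)
    return out.stdout.decode().strip() == "open"

def has_cloexec(fd):
    """True if the close-on-exec flag is set on fd."""
    return bool(fcntl.fcntl(fd, fcntl.F_GETFD) & fcntl.FD_CLOEXEC)

def demo():
    # Constructed sample: a listening socket on an ephemeral loopback port.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    fd = srv.fileno()
    results = {}
    try:
        os.set_inheritable(fd, False)   # sets FD_CLOEXEC
        results["cloexec"] = (has_cloexec(fd), survives_exec(fd))
        os.set_inheritable(fd, True)    # clears FD_CLOEXEC
        results["inheritable"] = (has_cloexec(fd), survives_exec(fd))
    finally:
        srv.close()
    return results

if __name__ == "__main__":
    print(demo())
```

In the inheritable case the child holds a reference to the bound socket for as long as it runs, which is the port re-use problem mentioned above.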