[Python-Dev] PEP 433: Add cloexec argument to functions creating file descriptors (original) (raw)

Antoine Pitrou solipsis at pitrou.net
Sun Jan 13 14:53:50 CET 2013

• Previous message: [Python-Dev] PEP 433: Add cloexec argument to functions creating file descriptors
• Next message: [Python-Dev] PEP 433: Add cloexec argument to functions creating file descriptors
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 13 Jan 2013 23:49:32 +1000 Nick Coghlan <ncoghlan at gmail.com> wrote:

> (it's not even just a security issue: letting a bound socket open and > therefore being unable to re-use the same port is a bug even when > security is not a concern) Agreed, but it's the security implications that let us even contemplate the backwards compatibility break. We either let inexperienced users continue to write insecure software by default, or we close the loophole and tell experienced users "hey, to upgrade to Python 3.4, you will need to address this change in behaviour". The nice thing is that with enough advance warning, they should be able to update their code to forcibly clear the flag in a way that works even on earlier Python versions. A more conservative approach, based on the steps taken in introducing hash randomisation, would be to expose the setting as an environment variable in 3.4, and then switch the default behaviour in 3.5.

The "more conservative approach" sounds good to me :-)

Regards

Antoine.

• Previous message: [Python-Dev] PEP 433: Add cloexec argument to functions creating file descriptors
• Next message: [Python-Dev] PEP 433: Add cloexec argument to functions creating file descriptors
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list