[Python-Dev] PEP 446 (make FD non inheritable) ready for a final review (original) (raw)

Antoine Pitrou solipsis at pitrou.net
Tue Aug 27 21:20:42 CEST 2013

• Previous message: [Python-Dev] PEP 446 (make FD non inheritable) ready for a final review
• Next message: [Python-Dev] PEP 446 (make FD non inheritable) ready for a final review
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

I have a small comment to make:

On UNIX, the subprocess module closes almost all file descriptors in the child process. This operation requires MAXFD system calls, where MAXFD is the maximum number of file descriptors, even if there are only few open file descriptors. This maximum can be read using: os.sysconf("SCOPENMAX").

If your intent is to remove the closerange() call from subprocess, be aware that it may let through some file descriptors opened by third-party code (such as C extensions). This may or may not be something we want to worry about, but there's still a small potential for security regressions.

Regards

Antoine.

• Previous message: [Python-Dev] PEP 446 (make FD non inheritable) ready for a final review
• Next message: [Python-Dev] PEP 446 (make FD non inheritable) ready for a final review
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list