[Python-Dev] PEP 446 (make FD non inheritable) ready for a final review

Victor Stinner victor.stinner at gmail.com
Tue Aug 27 22:26:31 CEST 2013


2013/8/27 Antoine Pitrou <solipsis at pitrou.net>:

>> On UNIX, the subprocess module closes almost all file descriptors in the child process. This operation requires MAXFD system calls, where MAXFD is the maximum number of file descriptors, even if there are only few open file descriptors. This maximum can be read using: os.sysconf("SC_OPEN_MAX").
>
> If your intent is to remove the closerange() call from subprocess, be aware that it may let through some file descriptors opened by third-party code (such as C extensions). This may or may not be something we want to worry about, but there's still a small potential for security regressions.

The PEP doesn't change the default value of the close_fds parameter of subprocess: file descriptors and handles are still closed in the child process.

I modified the PEP to explain the link between non-inheritable FDs and performance: http://hg.python.org/peps/rev/d88fbf9941fa

If you don't use third party code, or if you control third party code and you know that these modules only create non-inheritable FDs, it is now safe (thanks to PEP 446) to use close_fds=False... which avoids the cost of closing MAXFD file descriptors explicitly in the child process.

Victor
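
As an added illustration, not part of the original message or of CPython: a check one could run before switching to close_fds=False, listing the parent's inheritable FDs and confirming which ones actually reach a child. It assumes POSIX and Python 3.4+; the names `leaked_to_child`, `inheritable_fds` and `demo`, and the 4096 scan cap, are hypothetical choices for this sketch.

```python
import os
import subprocess
import sys

# Child: for each fd number given, print "fd st_dev st_ino" if it is open.
CHILD = r"""
import os, sys
for fd in map(int, sys.argv[1:]):
    try:
        st = os.fstat(fd)
    except OSError:
        continue
    print(fd, st.st_dev, st.st_ino)
"""

def leaked_to_child(fds):
    """Spawn a child with close_fds=False; return the parent fds it inherited."""
    out = subprocess.check_output(
        [sys.executable, "-c", CHILD, *map(str, fds)], close_fds=False)
    leaked = set()
    for line in out.decode().splitlines():
        fd, dev, ino = map(int, line.split())
        st = os.fstat(fd)  # same device/inode means it is really our file
        if (st.st_dev, st.st_ino) == (dev, ino):
            leaked.add(fd)
    return leaked

def inheritable_fds(limit=4096):
    """Audit this process: open fds above stderr that would survive exec()."""
    top = min(os.sysconf("SC_OPEN_MAX"), limit)  # cap is an assumption
    found = []
    for fd in range(3, top):
        try:
            if os.get_inheritable(fd):
                found.append(fd)
        except OSError:  # fd not open
            pass
    return found

def demo():
    r, w = os.pipe()                  # non-inheritable by default (PEP 446)
    leaky = os.open(os.devnull, os.O_RDONLY)
    os.set_inheritable(leaky, True)   # stands in for an FD from a C extension
    try:
        return {"leaked": leaked_to_child([r, w, leaky]),
                "audit": inheritable_fds(), "r": r, "w": w, "leaky": leaky}
    finally:
        for fd in (r, w, leaky):
            os.close(fd)
```

Any FD reported by `inheritable_fds()` that the application did not deliberately mark inheritable is a reason to keep the default close_fds=True.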


