Skip to content
Snippets Groups Projects
Unverified Commit 4c0c1e20 authored by Miss Islington (bot)'s avatar Miss Islington (bot) Committed by Pablo Galindo
Browse files

[3.11] gh-97514: Don't use Linux abstract sockets for multiprocessing (GH-98501) (GH-98502) 


Linux abstract sockets are insecure as they lack any form of filesystem
permissions so their use allows anyone on the system to inject code into
the process.

This removes the default preference for abstract sockets in
multiprocessing introduced in Python 3.9+ via
https://github.com/python/cpython/pull/18866 while fixing
https://github.com/python/cpython/issues/84031

.

Explicit use of an abstract socket by a user now generates a
RuntimeWarning.  If we choose to keep this warning, it should be
backported to the 3.7 and 3.8 branches.
(cherry picked from commit 49f61068)


Co-authored-by: default avatarGregory P. Smith <greg@krypto.org>

Automerge-Triggered-By: GH:gpshead
parent d0ab10f6
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment