[Python-Dev] PEP 433: Add cloexec argument to functions creating file descriptors
Antoine Pitrou
solipsis at pitrou.net
Sun Jan 13 14:53:50 CET 2013
On Sun, 13 Jan 2013 23:49:32 +1000
Nick Coghlan <ncoghlan at gmail.com> wrote:
>
> > (it's not even just a security issue: letting a bound socket open and
> > therefore being unable to re-use the same port is a bug even when
> > security is not a concern)
>
> Agreed, but it's the security implications that let us even
> contemplate the backwards compatibility break. We either let
> inexperienced users continue to write insecure software by default, or
> we close the loophole and tell experienced users "hey, to upgrade to
> Python 3.4, you will need to address this change in behaviour".
>
> The nice thing is that with enough advance warning, they should be
> able to update their code to forcibly clear the flag in a way that
> works even on earlier Python versions.
>
> A more conservative approach, based on the steps taken in introducing
> hash randomisation, would be to expose the setting as an environment
> variable in 3.4, and then switch the default behaviour in 3.5.
The "more conservative approach" sounds good to me :-)
Regards
Antoine.
More information about the Python-Dev
mailing list