On Sun, 13 Jan 2013 22:44:06 +1000
Nick Coghlan <ncogh...@gmail.com> wrote:
> On Sun, Jan 13, 2013 at 9:43 PM, Antoine Pitrou <solip...@pitrou.net> wrote:
> > As for the opacity, feel free to propose something better
> > ("close_on_spawn", whatever). But I'm definitely and strongly -1
> > on "noinherit".
>
> That's the main reason I quite like "sensitive" as a term for this,
> since it decouples the user statement ("this file descriptor provides
> access to potentially sensitive information") from the steps the
> interpreter promises to take to protect that information (such as
> closing it before executing a different program or ensuring it isn't
> inherited by child processes).

This assumes that some file descriptors are not "sensitive", which sounds a bit weird to me (since a fd will by definition give access to a system resource). What should happen is that *no* file descriptors are inherited on exec(), except for those few ones which are necessary for proper operation of the exec()ed process.

(it's not even just a security issue: leaving a bound socket open and therefore being unable to re-use the same port is a bug even when security is not a concern)

Regards

Antoine.
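
The inheritance behaviour discussed in this message, as an added example that is not part of the original thread: a listening socket is passed (or not) to a child process, and the parent then checks whether the port can be bound again. It assumes a POSIX system and Python 3.7+, where descriptors are non-inheritable by default (PEP 446); `spawn_with_listener` and `CHILD` are names made up for the illustration.

```python
import socket
import subprocess
import sys

# Child: report whether argv[1] is still an open socket, then wait on stdin.
CHILD = """
import os, stat, sys
try:
    print(stat.S_ISSOCK(os.fstat(int(sys.argv[1])).st_mode), flush=True)
except OSError:
    print(False, flush=True)
sys.stdin.read()
"""

def spawn_with_listener(inheritable):
    """Return (child_holds_socket, port_free_after_parent_close)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # constructed test listener
    srv.listen(1)
    port = srv.getsockname()[1]
    srv.set_inheritable(inheritable)    # PEP 446 default is False
    # close_fds=False leaves the decision to each descriptor's own flag.
    child = subprocess.Popen(
        [sys.executable, "-c", CHILD, str(srv.fileno())],
        stdin=subprocess.PIPE, stdout=subprocess.PIPE,
        close_fds=False, text=True)
    try:
        child_holds = child.stdout.readline().strip() == "True"
        srv.close()                     # parent is done with the port
        probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            probe.bind(("127.0.0.1", port))
            port_free = True
        except OSError:                 # EADDRINUSE: the child still owns it
            port_free = False
        finally:
            probe.close()
    finally:
        child.communicate()             # closes stdin so the child exits
    return child_holds, port_free

if __name__ == "__main__":
    print("inheritable    :", spawn_with_listener(True))
    print("non-inheritable:", spawn_with_listener(False))
```
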