mirror of https://github.com/python/cpython
7191b7662e
This adds authentication to the forkserver control socket. In the past only filesystem permissions protected this socket from code injection into the forkserver process by limiting access to the same UID, which didn't exist when Linux abstract namespace sockets were used (see issue) meaning that any process in the same system network namespace could inject code. We've since stopped using abstract namespace sockets by default, but protecting our control sockets regardless of type is a good idea. This reuses the HMAC based shared key auth already used by `multiprocessing.connection` sockets for other purposes. Doing this is useful so that filesystem permissions are not relied upon and trust isn't implied by default between all processes running as the same UID with access to the unix socket. ### pyperformance benchmarks No significant changes. Including `concurrent_imap` which exercises `multiprocessing.Pool.imap` in that suite. ### Microbenchmarks This does _slightly_ slow down forkserver use. How much so appears to depend on the platform. Modern platforms and simple platforms are less impacted. This PR adds additional IPC round trips to the control socket to tell forkserver to spawn a new process. Systems with potentially high latency IPC are naturally impacted more. Typically a 1-4% slowdown on a very targeted process creation microbenchmark, with a worst case overloaded system slowdown of 20%. No evidence that these slowdowns appear in practical sense. See the PR for details. |
||
|---|---|---|
| .. | ||
| 2.0.rst | ||
| 2.1.rst | ||
| 2.2.rst | ||
| 2.3.rst | ||
| 2.4.rst | ||
| 2.5.rst | ||
| 2.6.rst | ||
| 2.7.rst | ||
| 3.0.rst | ||
| 3.1.rst | ||
| 3.2.rst | ||
| 3.3.rst | ||
| 3.4.rst | ||
| 3.5.rst | ||
| 3.6.rst | ||
| 3.7.rst | ||
| 3.8.rst | ||
| 3.9.rst | ||
| 3.10.rst | ||
| 3.11.rst | ||
| 3.12.rst | ||
| 3.13.rst | ||
| 3.14.rst | ||
| changelog.rst | ||
| index.rst | ||