Rooba
/
cpython
mirror of https://github.com/python/cpython.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cpython/Misc/NEWS.d
History
Gregory P. Smith 7191b7662e
gh-97514: Authenticate the forkserver control socket. (GH-99309) 
This adds authentication to the forkserver control socket. In the past only filesystem permissions protected this socket from code injection into the forkserver process by limiting access to the same UID, which didn't exist when Linux abstract namespace sockets were used (see issue) meaning that any process in the same system network namespace could inject code. We've since stopped using abstract namespace sockets by default, but protecting our control sockets regardless of type is a good idea.

This reuses the HMAC based shared key auth already used by `multiprocessing.connection` sockets for other purposes.

Doing this is useful so that filesystem permissions are not relied upon and trust isn't implied by default between all processes running as the same UID with access to the unix socket.

### pyperformance benchmarks

No significant changes. Including `concurrent_imap` which exercises `multiprocessing.Pool.imap` in that suite.

### Microbenchmarks

This does _slightly_ slow down forkserver use. How much so appears to depend on the platform. Modern platforms and simple platforms are less impacted. This PR adds additional IPC round trips to the control socket to tell forkserver to spawn a new process. Systems with potentially high latency IPC are naturally impacted more.

Typically a 1-4% slowdown on a very targeted process creation microbenchmark, with a worst case overloaded system slowdown of 20%.  No evidence that these slowdowns appear in practical sense.  See the PR for details.
 		2024-11-20 08:18:58 -08:00
..
next gh-97514: Authenticate the forkserver control socket. (GH-99309) 2024-11-20 08:18:58 -08:00
3.5.0.rst
3.5.0a1.rst gh-121905: Consistently use "floating-point" instead of "floating point" (GH-121907) 2024-07-19 08:06:02 +00:00
3.5.0a2.rst
3.5.0a3.rst
3.5.0a4.rst
3.5.0b1.rst
3.5.0b2.rst
3.5.0b3.rst
3.5.0b4.rst
3.5.0rc1.rst
3.5.0rc2.rst
3.5.0rc3.rst
3.5.0rc4.rst
3.5.1.rst
3.5.1rc1.rst
3.5.2.rst
3.5.2rc1.rst Docs: add link roles with Sphinx extlinks (#117850) 2024-04-15 21:22:00 +03:00
3.5.3.rst
3.5.3rc1.rst Docs: add link roles with Sphinx extlinks (#117850) 2024-04-15 21:22:00 +03:00
3.5.4.rst
3.5.4rc1.rst Docs: add link roles with Sphinx extlinks (#117850) 2024-04-15 21:22:00 +03:00
3.5.5.rst
3.5.5rc1.rst Docs: add link roles with Sphinx extlinks (#117850) 2024-04-15 21:22:00 +03:00
3.6.0.rst
3.6.0a1.rst NEWS: Fix Sphinx warnings and increase threshold for new news nits (#121482) 2024-07-08 14:30:05 -06:00
3.6.0a2.rst Docs: add link roles with Sphinx extlinks (#117850) 2024-04-15 21:22:00 +03:00
3.6.0a3.rst
3.6.0a4.rst Docs: add link roles with Sphinx extlinks (#117850) 2024-04-15 21:22:00 +03:00
3.6.0b1.rst Docs: add link roles with Sphinx extlinks (#117850) 2024-04-15 21:22:00 +03:00
3.6.0b2.rst Docs: fix typos in documentation (gh-118941) 2024-05-15 18:38:32 -05:00
3.6.0b3.rst
3.6.0b4.rst
3.6.0rc1.rst
3.6.0rc2.rst
3.6.1.rst
3.6.1rc1.rst
3.6.2.rst
3.6.2rc1.rst Docs: add link roles with Sphinx extlinks (#117850) 2024-04-15 21:22:00 +03:00
3.6.2rc2.rst Docs: add link roles with Sphinx extlinks (#117850) 2024-04-15 21:22:00 +03:00
3.6.3.rst
3.6.3rc1.rst Docs: fix typos in documentation (gh-118941) 2024-05-15 18:38:32 -05:00
3.6.4.rst
3.6.4rc1.rst
3.6.5.rst
3.6.5rc1.rst gh-123492: Remove unnecessary `:func:` parentheses (#123493) 2024-08-30 14:34:09 +03:00
3.6.6.rst
3.6.6rc1.rst
3.7.0.rst
3.7.0a1.rst Docs: fix typos in documentation (gh-118941) 2024-05-15 18:38:32 -05:00
3.7.0a2.rst
3.7.0a3.rst
3.7.0a4.rst gh-123492: Remove unnecessary `:func:` parentheses (#123493) 2024-08-30 14:34:09 +03:00
3.7.0b1.rst gh-123517: Remove unnecessary ``:meth:`` parentheses (#123518) 2024-09-01 05:59:42 +01:00
3.7.0b2.rst gh-123492: Remove unnecessary `:func:` parentheses (#123493) 2024-08-30 14:34:09 +03:00
3.7.0b3.rst Docs: add link roles with Sphinx extlinks (#117850) 2024-04-15 21:22:00 +03:00
3.7.0b4.rst gh-123492: Remove unnecessary `:func:` parentheses (#123493) 2024-08-30 14:34:09 +03:00
3.7.0b5.rst
3.7.0rc1.rst
3.8.0a1.rst gh-123517: Remove unnecessary ``:meth:`` parentheses (#123518) 2024-09-01 05:59:42 +01:00
3.8.0a2.rst gh-121905: Consistently use "floating-point" instead of "floating point" (GH-121907) 2024-07-19 08:06:02 +00:00
3.8.0a3.rst
3.8.0a4.rst gh-123517: Remove unnecessary ``:meth:`` parentheses (#123518) 2024-09-01 05:59:42 +01:00
3.8.0b1.rst gh-123517: Remove unnecessary ``:meth:`` parentheses (#123518) 2024-09-01 05:59:42 +01:00
3.9.0a1.rst gh-123517: Remove unnecessary ``:meth:`` parentheses (#123518) 2024-09-01 05:59:42 +01:00
3.9.0a2.rst gh-101100: Fix Sphinx warnings in `whatsnew/3.9.rst` (#118364) 2024-04-28 20:31:22 +03:00
3.9.0a3.rst
3.9.0a4.rst gh-123517: Remove unnecessary ``:meth:`` parentheses (#123518) 2024-09-01 05:59:42 +01:00
3.9.0a5.rst gh-123492: Remove unnecessary `:func:` parentheses (#123493) 2024-08-30 14:34:09 +03:00
3.9.0a6.rst gh-123517: Remove unnecessary ``:meth:`` parentheses (#123518) 2024-09-01 05:59:42 +01:00
3.9.0b1.rst gh-123517: Remove unnecessary ``:meth:`` parentheses (#123518) 2024-09-01 05:59:42 +01:00
3.10.0a1.rst gh-123517: Remove unnecessary ``:meth:`` parentheses (#123518) 2024-09-01 05:59:42 +01:00
3.10.0a2.rst gh-101100: Consolidate documentation on `ModuleType` attributes (#124709) 2024-10-09 10:53:57 +00:00
3.10.0a3.rst gh-123492: Remove unnecessary `:func:` parentheses (#123493) 2024-08-30 14:34:09 +03:00
3.10.0a4.rst gh-123492: Remove unnecessary `:func:` parentheses (#123493) 2024-08-30 14:34:09 +03:00
3.10.0a5.rst NEWS: Fix Sphinx warnings and increase threshold for new news nits (#121482) 2024-07-08 14:30:05 -06:00
3.10.0a6.rst NEWS: Fix Sphinx warnings and increase threshold for new news nits (#121482) 2024-07-08 14:30:05 -06:00
3.10.0a7.rst GH-103484: Fix permanently redirects reported by linkcheck (GH-124144) 2024-09-17 02:53:38 +00:00
3.10.0b1.rst gh-123517: Remove unnecessary ``:meth:`` parentheses (#123518) 2024-09-01 05:59:42 +01:00
3.11.0a1.rst gh-123492: Remove unnecessary `:func:` parentheses (#123493) 2024-08-30 14:34:09 +03:00
3.11.0a2.rst NEWS: Fix Sphinx warnings and increase threshold for new news nits (#121482) 2024-07-08 14:30:05 -06:00
3.11.0a3.rst NEWS: Fix Sphinx warnings and increase threshold for new news nits (#121482) 2024-07-08 14:30:05 -06:00
3.11.0a4.rst NEWS: Fix Sphinx warnings and increase threshold for new news nits (#121482) 2024-07-08 14:30:05 -06:00
3.11.0a5.rst gh-101100: Consolidate documentation on `ModuleType` attributes (#124709) 2024-10-09 10:53:57 +00:00
3.11.0a6.rst gh-121905: Consistently use "floating-point" instead of "floating point" (GH-121907) 2024-07-19 08:06:02 +00:00
3.11.0a7.rst gh-123517: Remove unnecessary ``:meth:`` parentheses (#123518) 2024-09-01 05:59:42 +01:00
3.11.0b1.rst Use pep role instead of url (#121611) 2024-09-17 16:02:14 +03:00
3.12.0a1.rst gh-101100: Consolidate documentation on `ModuleType` attributes (#124709) 2024-10-09 10:53:57 +00:00
3.12.0a2.rst gh-123492: Remove unnecessary `:func:` parentheses (#123493) 2024-08-30 14:34:09 +03:00
3.12.0a3.rst gh-123517: Remove unnecessary ``:meth:`` parentheses (#123518) 2024-09-01 05:59:42 +01:00
3.12.0a4.rst gh-123492: Remove unnecessary `:func:` parentheses (#123493) 2024-08-30 14:34:09 +03:00
3.12.0a5.rst gh-123492: Remove unnecessary `:func:` parentheses (#123493) 2024-08-30 14:34:09 +03:00
3.12.0a6.rst GH-103484: Fix permanently redirects reported by linkcheck (GH-124144) 2024-09-17 02:53:38 +00:00
3.12.0a7.rst gh-123492: Remove unnecessary `:func:` parentheses (#123493) 2024-08-30 14:34:09 +03:00
3.12.0b1.rst gh-97850: remove ``find_loader`` and ``get_loader`` from ``pkgutil`` (#119656) 2024-11-01 18:35:22 +02:00
3.13.0a1.rst gh-123492: Remove unnecessary `:func:` parentheses (#123493) 2024-08-30 14:34:09 +03:00
3.13.0a2.rst gh-123492: Remove unnecessary `:func:` parentheses (#123493) 2024-08-30 14:34:09 +03:00
3.13.0a3.rst gh-123517: Remove unnecessary ``:meth:`` parentheses (#123518) 2024-09-01 05:59:42 +01:00
3.13.0a4.rst gh-123492: Remove unnecessary `:func:` parentheses (#123493) 2024-08-30 14:34:09 +03:00
3.13.0a5.rst gh-123517: Remove unnecessary ``:meth:`` parentheses (#123518) 2024-09-01 05:59:42 +01:00
3.13.0a6.rst gh-123492: Remove unnecessary `:func:` parentheses (#123493) 2024-08-30 14:34:09 +03:00
3.13.0b1.rst gh-123517: Remove unnecessary ``:meth:`` parentheses (#123518) 2024-09-01 05:59:42 +01:00
3.14.0a1.rst Python 3.14.0a1 2024-10-15 22:34:54 +03:00
3.14.0a2.rst Python 3.14.0a2 2024-11-19 16:52:44 +02:00