https://github.com/python/cpython/commit/fd81246bd55e4fab1976a7cca3e5d42582dbdac0
commit: fd81246bd55e4fab1976a7cca3e5d42582dbdac0
branch: main
author: Gregory P. Smith <[email protected]>
committer: gpshead <[email protected]>
date: 2026-04-14T23:31:58Z
summary:
gh-137335: remove a mktemp use in multiprocessing.connection to avoid security
scanner noise (GH-148578)
remove a mktemp use to avoid security scanner noise
files:
M Lib/multiprocessing/connection.py
diff --git a/Lib/multiprocessing/connection.py
b/Lib/multiprocessing/connection.py
index 9ce996c9ccd211..e37ec07d722ca8 100644
--- a/Lib/multiprocessing/connection.py
+++ b/Lib/multiprocessing/connection.py
@@ -16,7 +16,6 @@
import sys
import socket
import struct
-import tempfile
import time
@@ -77,7 +76,11 @@ def arbitrary_address(family):
if family == 'AF_INET':
return ('localhost', 0)
elif family == 'AF_UNIX':
- return tempfile.mktemp(prefix='sock-', dir=util.get_temp_dir())
+ # NOTE: util.get_temp_dir() is a 0o700 per-process directory. A
+ # mktemp-style ToC vs ToU concern is not important; bind() surfaces
+ # the extremely unlikely collision as EADDRINUSE.
+ return os.path.join(util.get_temp_dir(),
+ f'sock-{os.urandom(6).hex()}')
elif family == 'AF_PIPE':
return (r'\\.\pipe\pyc-%d-%d-%s' %
(os.getpid(), next(_mmap_counter), os.urandom(8).hex()))
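Review bot: The new comment in the AF_UNIX branch rests the whole safety argument on `util.get_temp_dir()` returning a directory that only the current user can write to, but nothing in this hunk enforces or checks that, and the name stays unreserved until the caller's bind(). I would phrase it as an invariant that a later change to get_temp_dir() must keep, for example `# SECURITY: safe only while util.get_temp_dir() stays a 0o700 directory owned by this user; the name is not reserved, and bind() fails with EADDRINUSE if it already exists.` "Per-process" may also be too strong if child processes reuse the parent's directory; that is not visible here and is worth confirming. The generated name is `sock-` plus 12 hex characters, which appears longer than the name mktemp produced, so it may be worth checking against the AF_UNIX path length limit when the temp directory path is long. arbitrary_address continues past the end of this hunk.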