https://github.com/python/cpython/commit/e590f007ed8b0268c40bcae445d6b50e06b00960 commit: e590f007ed8b0268c40bcae445d6b50e06b00960 branch: 3.14 author: Miss Islington (bot) <[email protected]> committer: gpshead <[email protected]> date: 2026-04-14T17:06:25-07:00 summary:
[3.14] gh-137335: remove a mktemp use in multiprocessing.connection to avoid security scanner noise (GH-148578) (#148583) gh-137335: remove a mktemp use in multiprocessing.connection to avoid security scanner noise (GH-148578) remove a mktemp use to avoid security scanner noise (cherry picked from commit fd81246bd55e4fab1976a7cca3e5d42582dbdac0) Co-authored-by: Gregory P. Smith <[email protected]> files: M Lib/multiprocessing/connection.py
diff --git a/Lib/multiprocessing/connection.py b/Lib/multiprocessing/connection.py
index a6e1b0c786284b..f577186e91b0d4 100644
--- a/Lib/multiprocessing/connection.py
+++ b/Lib/multiprocessing/connection.py
@@ -16,7 +16,6 @@
 import sys
 import socket
 import struct
-import tempfile
 import time
@@ -77,7 +76,11 @@ def arbitrary_address(family):
 if family == 'AF_INET':
 return ('localhost', 0)
 elif family == 'AF_UNIX':
- return tempfile.mktemp(prefix='sock-', dir=util.get_temp_dir())
+ # NOTE: util.get_temp_dir() is a 0o700 per-process directory. A
+ # mktemp-style ToC vs ToU concern is not important; bind() surfaces
+ # the extremely unlikely collision as EADDRINUSE.
+ return os.path.join(util.get_temp_dir(),
+ f'sock-{os.urandom(6).hex()}')
 elif family == 'AF_PIPE':
 return (r'\\.\pipe\pyc-%d-%d-%s' %
 (os.getpid(), next(_mmap_counter), os.urandom(8).hex()))
_______________________________________________ Python-checkins mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3//lists/python-checkins.python.org Member address: [email protected]
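Review bot: The replacement name in the `AF_UNIX` branch, `f'sock-{os.urandom(6).hex()}'`, is 17 characters where `tempfile.mktemp(prefix='sock-')` produced 13 (the prefix plus an eight-character random suffix), so every generated socket path grows by four bytes. AF_UNIX paths must fit in `sun_path` (roughly 104–108 bytes depending on platform), and a deep TMPDIR can already sit close to that limit; if `util.get_temp_dir()` or its callers (not visible in this hunk) budget path length around the old name, that arithmetic should be rechecked, because an over-long path fails in bind() with a different error than the EADDRINUSE the new comment anticipates. Either update any such budget or keep the old length with `f'sock-{os.urandom(4).hex()}'`, which is acceptable here only because the comment's safety argument rests on the 0o700 directory and not on the name being unpredictable. The body of arbitrary_address starts before and continues past this hunk.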
