https://github.com/python/cpython/commit/ba2f30eb83fc05c60cf99802dcce6ac1d9a46cf0
commit: ba2f30eb83fc05c60cf99802dcce6ac1d9a46cf0
branch: 3.13
author: Miss Islington (bot) <[email protected]>
committer: gpshead <[email protected]>
date: 2026-04-14T17:06:33-07:00
summary:

[3.13] gh-137335: remove a mktemp use in multiprocessing.connection to avoid 
security scanner noise (GH-148578) (#148584)

gh-137335: remove a mktemp use in multiprocessing.connection to avoid security 
scanner noise (GH-148578)

remove a mktemp use to avoid security scanner noise
(cherry picked from commit fd81246bd55e4fab1976a7cca3e5d42582dbdac0)

Co-authored-by: Gregory P. Smith <[email protected]>

files:
M Lib/multiprocessing/connection.py

diff --git a/Lib/multiprocessing/connection.py 
b/Lib/multiprocessing/connection.py
index efb9ea95ab4696..2a0151dab80234 100644
--- a/Lib/multiprocessing/connection.py
+++ b/Lib/multiprocessing/connection.py
@@ -75,7 +75,11 @@ def arbitrary_address(family):
     if family == 'AF_INET':
         return ('localhost', 0)
     elif family == 'AF_UNIX':
-        return tempfile.mktemp(prefix='sock-', dir=util.get_temp_dir())
+        # NOTE: util.get_temp_dir() is a 0o700 per-process directory. A
+        # mktemp-style ToC vs ToU concern is not important; bind() surfaces
+        # the extremely unlikely collision as EADDRINUSE.
+        return os.path.join(util.get_temp_dir(),
+                            f'sock-{os.urandom(6).hex()}')
     elif family == 'AF_PIPE':
         return (r'\\.\pipe\pyc-%d-%d-%s' %
                 (os.getpid(), next(_mmap_counter), os.urandom(8).hex()))
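Review bot: The new comment in the AF_UNIX branch rests the whole safety argument on util.get_temp_dir() returning a 0o700 per-process directory, but nothing in this hunk enforces or points to that invariant. The generated name is no longer reserved or checked the way a mkstemp-style call would do it, so if get_temp_dir() ever returns a shared or more permissive directory, the predictable-path concern comes back without any visible signal here. I would have the comment name where the 0o700 mode is set, and state that callers must treat EADDRINUSE from bind() as the collision signal, since this function itself never touches the filesystem. Two smaller points: the AF_UNIX name uses os.urandom(6) while the AF_PIPE branch directly below uses os.urandom(8), and matching the two would avoid a reader wondering whether the difference is deliberate (a socket path length limit would be worth a word in the comment if that is the reason); and "ToC vs ToU" is more commonly written TOCTOU, which is also what people will grep for.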

_______________________________________________
Python-checkins mailing list -- [email protected]