[issue12856] tempfile PRNG reuse between parent and child process
Roundup Robot devn...@psf.upfronthosting.co.za added the comment: New changeset 3c9ddd93c983 by Antoine Pitrou in branch '3.2': Issue #12856: Ensure child processes do not inherit the parent's random seed for filename generation in the tempfile module. http://hg.python.org/cpython/rev/3c9ddd93c983 New changeset 588087429809 by Antoine Pitrou in branch 'default': Issue #12856: Ensure child processes do not inherit the parent's random seed for filename generation in the tempfile module. http://hg.python.org/cpython/rev/588087429809 New changeset e42be90eb9c5 by Antoine Pitrou in branch '2.7': Issue #12856: Ensure child processes do not inherit the parent's random seed for filename generation in the tempfile module. http://hg.python.org/cpython/rev/e42be90eb9c5 -- nosy: +python-dev ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue12856 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue12856] tempfile PRNG reuse between parent and child process
Antoine Pitrou pit...@free.fr added the comment: Patch committed, thank you! -- resolution: - fixed stage: patch review - committed/rejected status: open - closed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue12856 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue12856] tempfile PRNG reuse between parent and child process
Charles-François Natali neolo...@free.fr added the comment: The patch looks good to me. Note that the whole kill(pid, SIGKILL) looks overkill to me... -- nosy: +neologix ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue12856 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue12856] tempfile PRNG reuse between parent and child process
Ferringb ferri...@gmail.com added the comment: Bleh; pardon, reuploading the patch. hg export aparently appends to the output file rather than overwriting it (last patch had duplicated content in it). -- Added file: http://bugs.python.org/file23067/unique-seed-per-process-tempfile.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue12856 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue12856] tempfile PRNG reuse between parent and child process
New submission from Ferringb ferri...@gmail.com: Roughly; tempfile's uniqueness is derived from a global random instance; while there are protections for thread access, a forked child process /will/ inherit that PRNG source, resulting in children/parent trying the same set of names. Mostly it's proving annoying in some code I have to deal in, although it wouldn't surprise me if someone watching a known temp location could use the predictability in some fashion. As for affect, all versions of python have this; attached patch is cut against trunk. -- files: unique-seed-per-process-tempfile.patch keywords: patch messages: 143192 nosy: ferringb priority: normal severity: normal status: open title: tempfile PRNG reuse between parent and child process type: behavior Added file: http://bugs.python.org/file23066/unique-seed-per-process-tempfile.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue12856 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue12856] tempfile PRNG reuse between parent and child process
Changes by Ferringb ferri...@gmail.com: Removed file: http://bugs.python.org/file23066/unique-seed-per-process-tempfile.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue12856 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue12856] tempfile PRNG reuse between parent and child process
Antoine Pitrou pit...@free.fr added the comment: Interesting, thank you. Two nits: - the test must be skipped where os.fork() isn't available (namely, under Windows) - I would do os.read(fd, 100) (or some other large value) rather than os.read(fd, 6), so that the test doesn't depend on the exact length of the random sequences produced -- components: +Library (Lib) nosy: +ncoghlan, pitrou stage: - patch review versions: +Python 2.7, Python 3.2, Python 3.3 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue12856 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue12856] tempfile PRNG reuse between parent and child process
Ferringb ferri...@gmail.com added the comment: the test must be skipped where os.fork() isn't available (namely, under Windows) Done, although I still humbly suggest telling windows to bugger off ;) I would do os.read(fd, 100) (or some other large value) rather than os.read(fd, 6), so that the test doesn't depend on the exact length of the random sequences produced 100 is no different than 6 (same potential exists); better to just use the length from the parent side access to the PRNG. That leaves open the unlikely scenario of child returning 7 chars, parent 6, and child/parent agreeing on the first 6... which would very likely be a bug anyways. -- Added file: http://bugs.python.org/file23068/unique-seed-per-process-tempfile.patch ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue12856 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
