[3.11] gh-97514: Don't use Linux abstract sockets for multiprocessing (GH-98501) (GH-98502)

Linux abstract sockets are insecure as they lack any form of filesystem permissions so their use allows anyone on the system to inject code into the process. This removes the default preference for abstract sockets in multiprocessing introduced in Python 3.9+ via https://github.com/python/cpython/pull/18866 while fixing https://github.com/python/cpython/issues/84031. Explicit use of an abstract socket by a user now generates a RuntimeWarning. If we choose to keep this warning, it should be backported to the 3.7 and 3.8 branches. (cherry picked from commit 49f61068f4) Co-authored-by: Gregory P. Smith <greg@krypto.org> Automerge-Triggered-By: GH:gpshead
2025-08-04 00:48:58 +00:00 · 2022-10-20 16:55:37 -07:00 · 2022-10-20 16:55:37 -07:00 · 4686d77a04
commit 4686d77a04
parent 1520f4e45b
2 changed files with 15 additions and 5 deletions
--- a/Lib/multiprocessing/connection.py
+++ b/Lib/multiprocessing/connection.py
@ -73,11 +73,6 @@ def arbitrary_address(family):
    if family == 'AF_INET':
        return ('localhost', 0)
    elif family == 'AF_UNIX':
-        # Prefer abstract sockets if possible to avoid problems with the address
-        # size.  When coding portable applications, some implementations have
-        # sun_path as short as 92 bytes in the sockaddr_un struct.
-        if util.abstract_sockets_supported:
-            return f"\0listener-{os.getpid()}-{next(_mmap_counter)}"
        return tempfile.mktemp(prefix='listener-', dir=util.get_temp_dir())
    elif family == 'AF_PIPE':
        return tempfile.mktemp(prefix=r'\\.\pipe\pyc-%d-%d-' %