cpython/Misc
Miss Islington (bot) 89697f7374
bpo-47260: Fix os.closerange() potentially being a no-op in a seccomp sandbox (GH-32418)

_Py_closerange() currently assumes that close_range() closes
all file descriptors even if it returns an error (other than ENOSYS).
This assumption can be wrong on Linux if a seccomp sandbox denies
the underlying syscall, pretending that it returns EPERM or EACCES.
In this case _Py_closerange() won't close any descriptors at all,
which in the worst case can be a security issue.

Fix this by falling back to other methods in case of any close_range()
error. Note that fallbacks will not be triggered on any problems with
closing individual file descriptors because close_range() is documented
to ignore such errors on both Linux[1] and FreeBSD[2].

[1] https://man7.org/linux/man-pages/man2/close_range.2.html
[2] https://www.freebsd.org/cgi/man.cgi?query=close_range&sektion=2
(cherry picked from commit 1c8b3b5d66)

Co-authored-by: Alexey Izbyshev <izbyshev@ispras.ru>
2022-04-08 11:10:38 -07:00
NEWS.d bpo-47260: Fix os.closerange() potentially being a no-op in a seccomp sandbox (GH-32418) 2022-04-08 11:10:38 -07:00
ACKS bpo-41233: Add links to errnos referenced in exceptions docs (GH-21380) 2022-04-04 19:30:06 -07:00
coverity_model.c
gdbinit
HISTORY bpo-44740: Make minor edits to lowercasing "internet" and "web". (GH-27385) (#27386) 2021-07-27 11:20:11 +02:00
indent.pro
Porting
python-config.in
python-config.sh.in
python-embed.pc.in
python-wing3.wpr
python-wing4.wpr
python-wing5.wpr
python.man bpo-44584: Deprecate PYTHONTHREADDEBUG env var (GH-27065) 2021-08-06 04:32:37 -07:00
python.pc.in
README
README.AIX
README.coverity
README.valgrind closes bpo-38522 docs: remove references to Py_USING_MEMORY_DEBUGGER (GH-30284) (GH-30295) 2021-12-29 17:01:17 -06:00
requirements-test.txt
SpecialBuilds.txt bpo-43774: Remove unused PYMALLOC_DEBUG macro (GH-25711) 2021-04-29 10:47:47 +02:00
stable_abi.txt [3.10] [Misc] [Mac] Fix typos found using codespell (GH-28756) (GH-28794) 2021-10-07 17:09:30 +02:00
svnmap.txt
valgrind-python.supp
vgrindefs

Python Misc subdirectory
========================

This directory contains files that wouldn't fit in elsewhere.  Some
documents are only of historic importance.

Files found here
----------------

ACKS                    Acknowledgements
gdbinit                 Handy stuff to put in your .gdbinit file, if you use gdb
HISTORY                 News from previous releases -- oldest last
indent.pro              GNU indent profile approximating my C style
NEWS                    News for this release (for some meaning of "this")
Porting                 Mini-FAQ on porting to new platforms
python-config.in        Python script template for python-config
python.man              UNIX man page for the python interpreter
python.pc.in            Package configuration info template for pkg-config
python-wing*.wpr        Wing IDE project file
README                  The file you're reading now
README.AIX              Information about using Python on AIX
README.coverity         Information about running Coverity's Prevent on Python
README.valgrind         Information for Valgrind users, see valgrind-python.supp
SpecialBuilds.txt       Describes extra symbols you can set for debug builds
svnmap.txt              Map of old SVN revs and branches to hg changeset ids,
                        help history-digging
valgrind-python.supp    Valgrind suppression file, see README.valgrind
vgrindefs               Python configuration for vgrind (a generic pretty printer)