diff options
| author | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2023-12-04 23:33:59 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-12-04 23:33:59 (GMT) |
| commit | 85bbfa8a4bbdbb61a3a84fbd7cb29a4096ab8a06 (patch) | |
| tree | 00c6520449bbeb763306bb3835c6236399dce1bc /Lib/tempfile.py | |
| parent | 494cd508c013b8fc8771a3b65d78da19d9b3c179 (diff) | |
| download | cpython-85bbfa8a4bbdbb61a3a84fbd7cb29a4096ab8a06.zip cpython-85bbfa8a4bbdbb61a3a84fbd7cb29a4096ab8a06.tar.gz cpython-85bbfa8a4bbdbb61a3a84fbd7cb29a4096ab8a06.tar.bz2 | |
[3.12] gh-112334: Restore subprocess's use of `vfork()` & fix `extra_groups=[]` behavior (GH-112617) (#112731)
Restore `subprocess`'s intended use of `vfork()` by default for performance on Linux;
also fixes the behavior of `extra_groups=[]` which was unintentionally broken in 3.12.0:
Fixed a performance regression in 3.12's :mod:`subprocess` on Linux where it
would no longer use the fast-path ``vfork()`` system call when it could have
due to a logic bug, instead falling back to the safe but slower ``fork()``.
Also fixed a security bug introduced in 3.12.0. If a value of ``extra_groups=[]``
was passed to :mod:`subprocess.Popen` or related APIs, the underlying
``setgroups(0, NULL)`` system call to clear the groups list would not be made
in the child process prior to ``exec()``.
The security issue was identified via code inspection in the process of
fixing the first bug. Thanks to @vain for the detailed report and
analysis in the initial bug on Github.
(cherry picked from commit 9fe7655c6ce0b8e9adc229daf681b6d30e6b1610)
+ Reword NEWS for the bugfix/security release. (mentions the assigned CVE number)
Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
Diffstat (limited to 'Lib/tempfile.py')
0 files changed, 0 insertions, 0 deletions