mirror of
https://github.com/python/cpython.git
synced 2026-05-06 04:37:33 -04:00
[3.14] Document that multiprocessing treats local same-user processes as trusted (GH-149001) (#149033)
Document that multiprocessing treats local same-user processes as trusted (GH-149001)
Clarify in the Authentication keys section that the authkey handshake
covers Listener/Client (addressable endpoints) only, not the anonymous
pipes behind Pipe() and Queue, and that isolation between same-user
processes must be arranged at the OS level.
(cherry picked from commit f27e91e372)
Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
This commit is contained in:
Miss Islington (bot)
committed by
GitHub
GitHub
parent
9a7e205e46
commit
86ce2e05dc
@@ -2907,6 +2907,16 @@ between themselves.
|
||||
|
||||
Suitable authentication keys can also be generated by using :func:`os.urandom`.
|
||||
|
||||
This authentication protects :class:`Listener` and :func:`Client` connections,
|
||||
which are reachable by address. It is not applied to the anonymous pipes
|
||||
created by :func:`~multiprocessing.Pipe` or used internally by
|
||||
:class:`~multiprocessing.Queue`.
|
||||
:mod:`multiprocessing` treats all local processes running as the same user as
|
||||
trusted; on most operating systems such processes can access each other's pipe
|
||||
file descriptors regardless. Applications that require isolation between
|
||||
processes of the same user must arrange it at the operating-system level --
|
||||
for example, by running workers under a different user account or in a sandbox.
|
||||
|
||||
|
||||
Logging
|
||||
^^^^^^^
|
||||
|
||||
Reference in New Issue
Block a user