PublicArchive/cpython
2
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2026-05-06 04:37:33 -04:00
Code Issues Packages Projects Releases Wiki Activity

[3.13] gh-137335: remove a mktemp use in multiprocessing.connection to avoid security scanner noise (GH-148578) (#148584)

Browse Source 
gh-137335: remove a mktemp use in multiprocessing.connection to avoid security scanner noise (GH-148578)

remove a mktemp use to avoid security scanner noise
(cherry picked from commit fd81246bd5)

Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
This commit is contained in:
Miss Islington (bot)
2026-04-15 02:06:33 +02:00
committed by GitHub
parent cb4b94c74d
commit ba2f30eb83
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Lib/multiprocessing/connection.py
+5 -1
View File
@@ -75,7 +75,11 @@ def arbitrary_address(family):
if family == 'AF_INET':
return ('localhost', 0)
elif family == 'AF_UNIX':
return tempfile.mktemp(prefix='sock-', dir=util.get_temp_dir())
# NOTE: util.get_temp_dir() is a 0o700 per-process directory. A
# mktemp-style ToC vs ToU concern is not important; bind() surfaces
# the extremely unlikely collision as EADDRINUSE.
return os.path.join(util.get_temp_dir(),
f'sock-{os.urandom(6).hex()}')
elif family == 'AF_PIPE':
return (r'\\.\pipe\pyc-%d-%d-%s' %
(os.getpid(), next(_mmap_counter), os.urandom(8).hex()))