PublicArchive/cpython
2
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2026-05-06 04:37:33 -04:00
Code Issues Packages Projects Releases Wiki Activity

[3.14] gh-137335: remove a mktemp use in multiprocessing.connection to avoid security scanner noise (GH-148578) (#148583)

Browse Source 
gh-137335: remove a mktemp use in multiprocessing.connection to avoid security scanner noise (GH-148578)

remove a mktemp use to avoid security scanner noise
(cherry picked from commit fd81246bd5)

Co-authored-by: Gregory P. Smith <68491+gpshead@users.noreply.github.com>
This commit is contained in:
Miss Islington (bot)
2026-04-15 02:06:25 +02:00
committed by GitHub
parent 5dc69a6502
commit e590f007ed
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Lib/multiprocessing/connection.py
+5 -2
View File
@@ -16,7 +16,6 @@ import os
import sys
import socket
import struct
import tempfile
import time
@@ -77,7 +76,11 @@ def arbitrary_address(family):
if family == 'AF_INET':
return ('localhost', 0)
elif family == 'AF_UNIX':
return tempfile.mktemp(prefix='sock-', dir=util.get_temp_dir())
# NOTE: util.get_temp_dir() is a 0o700 per-process directory. A
# mktemp-style ToC vs ToU concern is not important; bind() surfaces
# the extremely unlikely collision as EADDRINUSE.
return os.path.join(util.get_temp_dir(),
f'sock-{os.urandom(6).hex()}')
elif family == 'AF_PIPE':
return (r'\\.\pipe\pyc-%d-%d-%s' %
(os.getpid(), next(_mmap_counter), os.urandom(8).hex()))