Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gh-61460: Stronger HMAC in multiprocessing #20380

Merged
merged 5 commits into from
May 20, 2023
Merged

gh-61460: Stronger HMAC in multiprocessing #20380

merged 5 commits into from
May 20, 2023

Conversation

tiran
Copy link
Member

@tiran tiran commented May 25, 2020
edited by gpshead

@stratakis stratakis mentioned this pull request Jun 18, 2020
Closed
@tiran
bpo-17258: Stronger HMAC in multiprocessing
c7f7680 
Signed-off-by: Christian Heimes <christian@python.org>
@florinspatar
Copy link
Contributor

I'm just wondering here, but is this still waiting for reviews before it can be merged?

@davidmalcolm davidmalcolm mentioned this pull request Apr 10, 2022
Closed
gpshead
gpshead reviewed Oct 22, 2022
View reviewed changes
Copy link
Member

@gpshead gpshead left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why jump through all the hoops to specify the digest in the protocol? Don't we always control both ends of the connection so there should never be a situation where negotiation and understanding of what was used is needed?

That'd be a lot less complicated.

And not prone to the potential problem this has of always stooping to the lowest level decided upon out by the challenge initiator rather than requiring a specific hash to be used on the channel.

Misc/NEWS.d/next/Library/2020-05-25-12-42-36.bpo-17258.lf2554.rst Outdated Show resolved Hide resolved
Lib/multiprocessing/connection.py Outdated Show resolved Hide resolved
Lib/multiprocessing/connection.py Outdated Show resolved Hide resolved
@gpshead
Merge branch 'main' into bpo17258-multiproc-md5
954018a
@gpshead
Reworked to be more robust while keeping the idea.
ab1d60c 
The protocol modification idea remains, but we now take advantage of the
message length as an indicator of legacy vs modern protocol version.  No
more regular expression usage.  We now default to HMAC-SHA256, but do so
in a way that will be compatible when communicating with older clients
or older servers. No protocol transition period is needed.

More unittests to verify these claims remain true are required.
gpshead
gpshead reviewed Nov 20, 2022
View reviewed changes
Lib/multiprocessing/connection.py Outdated Show resolved Hide resolved
Lib/multiprocessing/connection.py Outdated Show resolved Hide resolved
@gpshead gpshead self-assigned this Nov 20, 2022
@gpshead gpshead marked this pull request as ready for review November 20, 2022 21:32
@gpshead gpshead added the type-feature A feature request or enhancement label Nov 20, 2022
@gpshead gpshead changed the title bpo-17258: Stronger HMAC in multiprocessing gh-61460: Stronger HMAC in multiprocessing Nov 20, 2022
@gpshead
Copy link
Member

gpshead commented Nov 20, 2022

I believe this is in much better shape now, reviews appreciated @tiran & @pitrou.

This feature combined with #99309 will close the loop on #97514 - allowing people who oddly want to use Linux abstract namespace sockets for forkserver to do so "safely" again.

@gpshead gpshead mentioned this pull request Nov 20, 2022
Closed
@netlify
Copy link

netlify bot commented Dec 11, 2022
edited

Deploy Preview for python-cpython-preview ready!

Name Link
🔨 Latest commit ee5e6ff
🔍 Latest deploy log https://app.netlify.com/sites/python-cpython-preview/deploys/639526524ecd2e0009172e1f
😎 Deploy Preview https://deploy-preview-20380--python-cpython-preview.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site settings.

This was referenced Jan 5, 2023
Closed
Closed
@gpshead gpshead enabled auto-merge (squash) May 20, 2023 23:24
@gpshead gpshead merged commit 3ed57e4 into python:main May 20, 2023
20 of 21 checks passed
@gpshead
Copy link
Member

gpshead commented May 20, 2023

merged, we'll see how this goes during the betas!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gpshead gpshead gpshead left review comments

@pitrou pitrou pitrou left review comments

Assignees

@gpshead gpshead

Labels
topic-multiprocessing type-feature A feature request or enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
8 participants
@tiran @florinspatar @gpshead @pitrou @vstinner @the-knights-who-say-ni @ezio-melotti @bedevere-bot