-
-
Notifications
You must be signed in to change notification settings - Fork 30.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Deprecate and remove ctypes usage in uuid #84681
Comments
The uuid module uses ctypes to try and load likely system libraries to provide some functionality of the uuid module. This is a security risk (depending on your sensitivity to DLL hijacking), but it also seems to be not very necessary? It would be nice to remove the ctypes usage from an otherwise (almost) pure Python module. |
There are three scenarios where ctypes is used in this module:
I'll happily move the UuidCreateSequential call into _uuid and add it to the Windows build, but it's not clear whether the libuuid lookup is important or not. If anyone knows of scenarios where you can't compile against libuuid but can load it with ctypes, would be great to hear about it! |
uuid.py has a long history. The recent history is the addition of the _uuid module which exposes libuuid function properly. IMHO it's a better approach than ctypes. On Windows, it seems like ctypes remains used to get access to Windows function UuidCreateSequential(). It is used by uuid.getnode() for example. We should expose UuidCreateSequential() in _uuid rather than using ctypes for that. I propose to do that in two steps: (A) Ensure that _uuid works on macOS, FreeBSD and Linux, especially in the macOS installer of python.org. If yes, remove the ctypes code to access libuuid functions. (B) Add a function to _uuid to expose Windows UuidCreateSequential(), use it in uuid.py and remove the related ctypes code. Both steps can be done in parallel. |
Do you think either need a deprecation cycle? I'd say not for the Windows change, but I'm not sure whether people could be relying on libuuid showing up after build. |
If the behavior doesn't change, no deprecation is needed. For example, if libuuid was already used trough _uuid module, the ctypes code path is basically just dead code. But it should be checked manually. |
FWIW, a spot check shows that _uuid builds and test_uuid passes both sets of its tests, e.g. TestUUIDWithExtModule and TestUUIDWithoutExtModule, with current python.org macOS installers on macOS releases of interest. So, AFAICT, we have no need for the ctypes fallback on at least macOS 10.6 or later and we don't actively support anything older than that. |
Thanks Ned. There are some platform.version() checks in there that I'm basically ignoring right now - are those unnecessary? Shall I clean them up too? |
This is fixed, right? |
Right, I close the issue. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: