Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adjust the Optional Restrictions of _Py_NewInterpreterFromConfig() #98610

Closed
ericsnowcurrently opened this issue Oct 24, 2022 · 0 comments
Closed

Adjust the Optional Restrictions of _Py_NewInterpreterFromConfig() #98610

ericsnowcurrently opened this issue Oct 24, 2022 · 0 comments
Assignees
@ericsnowcurrently
Labels
3.12 bugs and security fixes interpreter-core (Objects, Python, Grammar, and Parser dirs) topic-subinterpreters type-feature A feature request or enhancement

Comments

@ericsnowcurrently
Copy link
Member

ericsnowcurrently commented Oct 24, 2022
edited by bedevere-bot

(prerequisite: gh-98608)

Currently, the optional restrictions on subinterpreters are:

  • disallow fork
  • disallow subprocess
  • disallow threads
  • defaults for "isolated" interpreters: (no fork, no subprocess, no threads)

When we added those, were were being a bit conservative. At this point we should adjust to the following:

  • disallow fork
  • disallow exec
  • disallow threads
  • disallow daemon threads
  • defaults for "isolated" interpreters: (no fork, no exec, no daemon threads, regular threads OK)

That means we would stop disallowing subprocess (even if fork or exec are disabled). We'd add an option for "exec". We'd also add an option for daemon threads and disable only those (rather than all threads) by default for isolated interpreters.

CC @gpshead
@ericsnowcurrently ericsnowcurrently added type-feature A feature request or enhancement interpreter-core (Objects, Python, Grammar, and Parser dirs) topic-subinterpreters 3.12 bugs and security fixes labels Oct 24, 2022
@bedevere-bot bedevere-bot mentioned this issue Oct 24, 2022
Merged
@ericsnowcurrently ericsnowcurrently self-assigned this Oct 25, 2022
miss-islington pushed a commit that referenced this issue Oct 31, 2022
@ericsnowcurrently
gh-98610: Adjust the Optional Restrictions on Subinterpreters (GH-98618)
4702552 
Previously, the optional restrictions on subinterpreters were: disallow fork, subprocess, and threads.  By default, we were disallowing all three for "isolated" interpreters.  We always allowed all three for the main interpreter and those created through the legacy `Py_NewInterpreter()` API.

Those settings were a bit conservative, so here we've adjusted the optional restrictions to: fork, exec, threads, and daemon threads.  The default for "isolated" interpreters disables fork, exec, and daemon threads.  Regular threads are allowed by default.  We continue always allowing everything For the main interpreter and the legacy API.

In the code, we add `_PyInterpreterConfig.allow_exec` and  `_PyInterpreterConfig.allow_daemon_threads`.  We also add `Py_RTFLAGS_DAEMON_THREADS` and `Py_RTFLAGS_EXEC`.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ericsnowcurrently ericsnowcurrently

Labels
3.12 bugs and security fixes interpreter-core (Objects, Python, Grammar, and Parser dirs) topic-subinterpreters type-feature A feature request or enhancement
Projects
Subinterpreters
Status: Done
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ericsnowcurrently