-
-
Notifications
You must be signed in to change notification settings - Fork 33.2k
Closed
Labels
3.12only security fixesonly security fixesinterpreter-core(Objects, Python, Grammar, and Parser dirs)(Objects, Python, Grammar, and Parser dirs)topic-subinterpreterstype-featureA feature request or enhancementA feature request or enhancement
Description
(prerequisite: gh-98608)
Currently, the optional restrictions on subinterpreters are:
- disallow fork
- disallow subprocess
- disallow threads
- defaults for "isolated" interpreters: (no fork, no subprocess, no threads)
When we added those, were were being a bit conservative. At this point we should adjust to the following:
- disallow fork
- disallow exec
- disallow threads
- disallow daemon threads
- defaults for "isolated" interpreters: (no fork, no exec, no daemon threads, regular threads OK)
That means we would stop disallowing subprocess (even if fork or exec are disabled). We'd add an option for "exec". We'd also add an option for daemon threads and disable only those (rather than all threads) by default for isolated interpreters.
CC @gpshead
Metadata
Metadata
Assignees
Labels
3.12only security fixesonly security fixesinterpreter-core(Objects, Python, Grammar, and Parser dirs)(Objects, Python, Grammar, and Parser dirs)topic-subinterpreterstype-featureA feature request or enhancementA feature request or enhancement
Projects
Status
Done