Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gh-61460: Stronger HMAC in multiprocessing #20380

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

gh-61460: Stronger HMAC in multiprocessing #20380

wants to merge 3 commits into from
+196 −33

Conversation

tiran
Copy link
Member

@tiran tiran commented May 25, 2020
edited by gpshead

@stratakis stratakis mentioned this pull request Jun 18, 2020
Closed
@tiran
bpo-17258: Stronger HMAC in multiprocessing
c7f7680 
Signed-off-by: Christian Heimes <christian@python.org>
@tiran tiran force-pushed the bpo17258-multiproc-md5 branch from f4d7007 to c7f7680 Compare Nov 17, 2020
@florinspatar
Copy link
Contributor

florinspatar commented Dec 15, 2021

I'm just wondering here, but is this still waiting for reviews before it can be merged?

@davidmalcolm davidmalcolm mentioned this pull request Apr 10, 2022
Open
gpshead
gpshead reviewed Oct 22, 2022
View changes
Copy link
Member

@gpshead gpshead left a comment

Why jump through all the hoops to specify the digest in the protocol? Don't we always control both ends of the connection so there should never be a situation where negotiation and understanding of what was used is needed?

That'd be a lot less complicated.

And not prone to the potential problem this has of always stooping to the lowest level decided upon out by the challenge initiator rather than requiring a specific hash to be used on the channel.

Misc/NEWS.d/next/Library/2020-05-25-12-42-36.bpo-17258.lf2554.rst Outdated Show resolved Hide resolved
Lib/multiprocessing/connection.py Outdated Show resolved Hide resolved
Lib/multiprocessing/connection.py Outdated Show resolved Hide resolved
pitrou
pitrou reviewed Nov 13, 2022
View changes
Lib/multiprocessing/connection.py Outdated Show resolved Hide resolved
gpshead added 2 commits Nov 20, 2022
@gpshead
Merge branch 'main' into bpo17258-multiproc-md5
954018a
@gpshead
Reworked to be more robust while keeping the idea.
ab1d60c 
The protocol modification idea remains, but we now take advantage of the
message length as an indicator of legacy vs modern protocol version.  No
more regular expression usage.  We now default to HMAC-SHA256, but do so
in a way that will be compatible when communicating with older clients
or older servers. No protocol transition period is needed.

More unittests to verify these claims remain true are required.
gpshead
gpshead reviewed Nov 20, 2022
View changes
Lib/multiprocessing/connection.py Outdated Show resolved Hide resolved
Lib/multiprocessing/connection.py Outdated Show resolved Hide resolved
@gpshead gpshead self-assigned this Nov 20, 2022
@gpshead gpshead marked this pull request as ready for review Nov 20, 2022
@gpshead gpshead added the type-feature A feature request or enhancement label Nov 20, 2022
@gpshead gpshead changed the title bpo-17258: Stronger HMAC in multiprocessing gh-61460: Stronger HMAC in multiprocessing Nov 20, 2022
@gpshead
Copy link
Member

gpshead commented Nov 20, 2022

I believe this is in much better shape now, reviews appreciated @tiran & @pitrou.

This feature combined with #99309 will close the loop on #97514 - allowing people who oddly want to use Linux abstract namespace sockets for forkserver to do so "safely" again.

@gpshead gpshead mentioned this pull request Nov 20, 2022
Draft
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gpshead gpshead

@pitrou pitrou

Assignees

@gpshead gpshead

Labels
awaiting core review expert-multiprocessing type-feature A feature request or enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
8 participants
@tiran @florinspatar @gpshead @pitrou @vstinner @the-knights-who-say-ni @ezio-melotti @bedevere-bot