Blame SOURCES/00391-cve-2022-42919.patch

fc0754
From 85178d5849a4d9b5b46e7b91b1ebad7425139b44 Mon Sep 17 00:00:00 2001
fc0754
From: "Gregory P. Smith" <greg@krypto.org>
fc0754
Date: Thu, 20 Oct 2022 15:30:09 -0700
fc0754
Subject: [PATCH] gh-97514: Don't use Linux abstract sockets for
fc0754
 multiprocessing (GH-98501)
fc0754
fc0754
Linux abstract sockets are insecure as they lack any form of filesystem
fc0754
permissions so their use allows anyone on the system to inject code into
fc0754
the process.
fc0754
fc0754
This removes the default preference for abstract sockets in
fc0754
multiprocessing introduced in Python 3.9+ via
fc0754
https://github.com/python/cpython/pull/18866 while fixing
fc0754
https://github.com/python/cpython/issues/84031.
fc0754
fc0754
Explicit use of an abstract socket by a user now generates a
fc0754
RuntimeWarning.  If we choose to keep this warning, it should be
fc0754
backported to the 3.7 and 3.8 branches.
fc0754
(cherry picked from commit 49f61068f49747164988ffc5a442d2a63874fc17)
fc0754
fc0754
Co-authored-by: Gregory P. Smith <greg@krypto.org>
fc0754
---
fc0754
 Lib/multiprocessing/connection.py                 |  5 -----
fc0754
 .../2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst | 15 +++++++++++++++
fc0754
 2 files changed, 15 insertions(+), 5 deletions(-)
fc0754
 create mode 100644 Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst
fc0754
fc0754
diff --git a/Lib/multiprocessing/connection.py b/Lib/multiprocessing/connection.py
fc0754
index 510e4b5aba44..8e2facf92a94 100644
fc0754
--- a/Lib/multiprocessing/connection.py
fc0754
+++ b/Lib/multiprocessing/connection.py
fc0754
@@ -73,11 +73,6 @@ def arbitrary_address(family):
fc0754
     if family == 'AF_INET':
fc0754
         return ('localhost', 0)
fc0754
     elif family == 'AF_UNIX':
fc0754
-        # Prefer abstract sockets if possible to avoid problems with the address
fc0754
-        # size.  When coding portable applications, some implementations have
fc0754
-        # sun_path as short as 92 bytes in the sockaddr_un struct.
fc0754
-        if util.abstract_sockets_supported:
fc0754
-            return f"\0listener-{os.getpid()}-{next(_mmap_counter)}"
fc0754
         return tempfile.mktemp(prefix='listener-', dir=util.get_temp_dir())
fc0754
     elif family == 'AF_PIPE':
fc0754
         return tempfile.mktemp(prefix=r'\\.\pipe\pyc-%d-%d-' %
fc0754
diff --git a/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst b/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst
fc0754
new file mode 100644
fc0754
index 000000000000..02d95b570520
fc0754
--- /dev/null
fc0754
+++ b/Misc/NEWS.d/next/Security/2022-09-07-10-42-00.gh-issue-97514.Yggdsl.rst
fc0754
@@ -0,0 +1,15 @@
fc0754
+On Linux the :mod:`multiprocessing` module returns to using filesystem backed
fc0754
+unix domain sockets for communication with the *forkserver* process instead of
fc0754
+the Linux abstract socket namespace.  Only code that chooses to use the
fc0754
+:ref:`"forkserver" start method <multiprocessing-start-methods>` is affected.
fc0754
+
fc0754
+Abstract sockets have no permissions and could allow any user on the system in
fc0754
+the same `network namespace
fc0754
+<https://man7.org/linux/man-pages/man7/network_namespaces.7.html>`_ (often the
fc0754
+whole system) to inject code into the multiprocessing *forkserver* process.
fc0754
+This was a potential privilege escalation. Filesystem based socket permissions
fc0754
+restrict this to the *forkserver* process user as was the default in Python 3.8
fc0754
+and earlier.
fc0754
+
fc0754
+This prevents Linux `CVE-2022-42919
fc0754
+<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42919>`_.