STINNER Victor <vstin...@python.org> added the comment:
I close the issue. Python 3.7 and newer are fixed. Python 2.7 is still
affected, but I consider that it's ok to leave the bug unfixed in this version.
--
> The random number generator now reseeds after a fork.
I confirm that it's done since Python 3.7, and Python 3.6 doesn't accept
bugfixes anymore (only security fixes). So the issue is fixed in Python 3.7,
3.8 and master. For the record, the fix was this change:
commit 346cbd351ee0dd3ab9cb9f0e4cb625556707877e
Author: Antoine Pitrou <pit...@free.fr>
Date: Sat May 27 17:50:54 2017 +0200
bpo-16500: Allow registering at-fork handlers (#1715)
Backporting this change to Python 3.6 and 3.5 would be too intrusive and risky.
I don't think that this bug is important enough to be qualified as security
vulnerability (the issue type is not "Security").
For Python 2.7, honestly, I don't think that the issue matters enough to
justify to fix it today, knowning that Python 2.7 will reach its end of life at
the end of the year. Moreover, apart Christian Heimes, no user ever complained
about this issue.
Note: uuid.uuid4() always used os.urandom(16) which is not affected by this
issue on fork. Only uuid.uuid1() and uuid.getnode() has the bug in Python 2.7.
----------
resolution: -> fixed
stage: -> resolved
status: open -> closed
versions: +Python 3.7, Python 3.8, Python 3.9 -Python 2.7, Python 3.6
_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue15206>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
