Skip to content

gh-98415: Fix UUID ifconfig MAC address detection #98423

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Nov 2, 2022
Merged

gh-98415: Fix UUID ifconfig MAC address detection #98423

merged 5 commits into from
Nov 2, 2022

Conversation

csanders-git
Copy link
Contributor

@csanders-git csanders-git commented Oct 19, 2022

@ghost
Copy link

ghost commented Oct 19, 2022

All commit authors signed the Contributor License Agreement.
CLA signed

@bedevere-bot
Copy link

Most changes to Python require a NEWS entry.

Please add it using the blurb_it web app or the blurb command-line tool.

Copy link
Member

@corona10 corona10 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice catch!

I reproduce the issue with the following script:

import subprocess
"""Get the hardware address on Unix by running ifconfig."""
# This works on Linux ('' or '-a'), Tru64 ('-av'), but not all Unixes.

def foo(*args):
    command = ("/sbin/ifconfig",) + args
    proc = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL)
    if not proc:
        return
    stdout, stderr = proc.communicate()
    mac = stdout # This is fine for this example (normally it'd have parsed out a mac
    if not mac:
        print(args, mac, stderr)


for args in ('', '-a', '-av'):
    foo(args)

@bedevere-bot
Copy link

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phrase I have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.

@corona10 corona10 added needs backport to 3.10 only security fixes needs backport to 3.11 only security fixes labels Oct 22, 2022
@corona10 corona10 self-assigned this Oct 22, 2022
@vstinner
Copy link
Member

I have a preference for (executable, *args) syntax when building command line arguments :-) IMO it's more readable.

Copy link
Member

@vstinner vstinner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it be possible to write an unit test with unittest.mock to check that subprocess is not called with an empty string argument?

@corona10
Copy link
Member

corona10 commented Nov 2, 2022

Would it be possible to write an unit test with unittest.mock to check that subprocess is not called with an empty string argument?

It looks hard to write the unittest due to system-specific implementation.
I would like to skip the writing test code at this moment,

@vstinner vstinner merged commit e3ec272 into python:main Nov 2, 2022
@miss-islington
Copy link
Contributor

Thanks @csanders-git for the PR, and @vstinner for merging it 🌮🎉.. I'm working now to backport this PR to: 3.10, 3.11.
🐍🍒⛏🤖

@miss-islington
Copy link
Contributor

Sorry @csanders-git and @vstinner, I had trouble checking out the 3.11 backport branch.
Please retry by removing and re-adding the "needs backport to 3.11" label.
Alternatively, you can backport using cherry_picker on the command line.
cherry_picker e3ec272f57c3948834a6159cf2604978d3db67a0 3.11

@miss-islington miss-islington assigned vstinner and unassigned corona10 Nov 2, 2022
miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Nov 2, 2022
…98423)

The uuid.getnode() function has multiple implementations, tested sequentially.
The ifconfig implementation was incorrect and always failed: fix it.

In practice, functions of libuuid library are preferred, if available:
uuid_generate_time_safe(), uuid_create() or uuid_generate_time().

(cherry picked from commit e3ec272)

Co-authored-by: Chaim Sanders <csanders-git@users.noreply.github.com>
Co-authored-by: Dong-hee Na <donghee.na92@gmail.com>
@bedevere-bot
Copy link

GH-99020 is a backport of this pull request to the 3.10 branch.

@bedevere-bot bedevere-bot removed the needs backport to 3.10 only security fixes label Nov 2, 2022
@vstinner vstinner added needs backport to 3.11 only security fixes and removed needs backport to 3.11 only security fixes labels Nov 2, 2022
@miss-islington
Copy link
Contributor

Thanks @csanders-git for the PR, and @vstinner for merging it 🌮🎉.. I'm working now to backport this PR to: 3.11.
🐍🍒⛏🤖

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Nov 2, 2022
…98423)

The uuid.getnode() function has multiple implementations, tested sequentially.
The ifconfig implementation was incorrect and always failed: fix it.

In practice, functions of libuuid library are preferred, if available:
uuid_generate_time_safe(), uuid_create() or uuid_generate_time().

(cherry picked from commit e3ec272)

Co-authored-by: Chaim Sanders <csanders-git@users.noreply.github.com>
Co-authored-by: Dong-hee Na <donghee.na92@gmail.com>
@bedevere-bot
Copy link

GH-99021 is a backport of this pull request to the 3.11 branch.

@bedevere-bot bedevere-bot removed the needs backport to 3.11 only security fixes label Nov 2, 2022
@vstinner
Copy link
Member

vstinner commented Nov 2, 2022

Ok, thanks @csanders-git for the fix: I merged it. I rewrote the commit message to clarify its scope.

@vstinner
Copy link
Member

vstinner commented Nov 2, 2022

@corona10:

It looks hard to write the unittest due to system-specific implementation.
I would like to skip the writing test code at this moment,

It makes me sad, but I'm fine with not adding a test :-)

@vstinner
Copy link
Member

vstinner commented Nov 2, 2022

In the past, I fixed a risk of shell injection by avoiding a shell in the uuid module: commit b9d0199. I didn't add any test for that neither :-(

miss-islington added a commit that referenced this pull request Nov 2, 2022
The uuid.getnode() function has multiple implementations, tested sequentially.
The ifconfig implementation was incorrect and always failed: fix it.

In practice, functions of libuuid library are preferred, if available:
uuid_generate_time_safe(), uuid_create() or uuid_generate_time().

(cherry picked from commit e3ec272)

Co-authored-by: Chaim Sanders <csanders-git@users.noreply.github.com>
Co-authored-by: Dong-hee Na <donghee.na92@gmail.com>
miss-islington added a commit that referenced this pull request Nov 2, 2022
The uuid.getnode() function has multiple implementations, tested sequentially.
The ifconfig implementation was incorrect and always failed: fix it.

In practice, functions of libuuid library are preferred, if available:
uuid_generate_time_safe(), uuid_create() or uuid_generate_time().

(cherry picked from commit e3ec272)

Co-authored-by: Chaim Sanders <csanders-git@users.noreply.github.com>
Co-authored-by: Dong-hee Na <donghee.na92@gmail.com>
@csanders-git csanders-git deleted the patch-1 branch November 14, 2022 05:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy