gh-148022: Add threat model to remote debugging docs (GH-148024)
The remote debugging protocol has been generating spurious
vulnerability reports from automated scanners that pattern-match
on "remote access" and "memory operations" without understanding
the privilege model. This section documents the security boundaries
so reporters can self-triage before submitting.
The threat model clarifies three points: attaching requires the
same OS-level privileges as GDB (ptrace, task_for_pid, or
SeDebugPrivilege), crashes caused by reading corrupted target
process memory are not security issues, and a compromised target
process is out of scope. A subsection explains when operators
should use PYTHON_DISABLE_REMOTE_DEBUG for defence-in-depth.
(cherry picked from commit edab6860a7)
Co-authored-by: Pablo Galindo Salgado <Pablogsal@gmail.com>
Align the QSBR thread state array to a 64-byte cache line boundary
and add padding at the end of _PyThreadStateImpl. Depending on heap
layout, the QSBR array could end up sharing a cache line with a
thread's tlbc_index, causing QSBR quiescent state updates to contend
with reads of tlbc_index in RESUME_CHECK. This is sensitive to
earlier allocations during interpreter init and can appear or
disappear with seemingly unrelated changes.
Either change alone is sufficient to fix the specific issue, but both
are worthwhile to avoid similar problems in the future.
(cherry picked from commit 6577d870b0)
Docs: don't rely on implicit 'above' directions in socket docs (GH-146426)
(cherry picked from commit 3ff582238f)
Co-authored-by: Ned Batchelder <ned@nedbatchelder.com>
Use uniform standard signature syntax in the tutorial and in
the array and collections modules documentation.
(cherry picked from commit 17070f41d4)
Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
gh-146318: Document that signal.SIGSTOP is Unix-only (GH-146319)
(cherry picked from commit e44993a665)
Co-authored-by: Jonathan Dung <jonathandung@yahoo.com>
To avoid duplicate content in the Enum HOWTO and
API documentation which is not automatically synced,
the section about supported __dunder__ and _sunder
names is moved from HOWTO to API docs.
See also https://github.com/python/cpython/pull/136791
(cherry picked from commit 629a363ddd)
Co-authored-by: Rafael Weingartner-Ortner <38643099+RafaelWO@users.noreply.github.com>
gh-108907: ctypes: Document _type_ codes (GH-145837)
Add `_SimpleCData._type_` docs.
Add type codes to the summary table.
Cross-link `struct`, `array`, and `ctypes`; throw in `numpy` too.
(Anyone wanting to add a code should be aware of those.)
Add `py_object`, and `VARIANT_BOOL` for completeness.
(cherry picked from commit 1114d7f7f8)
Co-authored-by: Petr Viktorin <encukou@gmail.com>
Docs: replace all `datetime` imports with `import datetime as dt` (GH-145640)
(cherry picked from commit 83360b5869)
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
gh-91279: Note `SOURCE_DATE_EPOCH` support in `ZipFile.writestr()` doc (GH-139396)
(cherry picked from commit 5ad738f8fb)
Co-authored-by: Wulian233 <1055917385@qq.com>
Co-authored-by: Victor Stinner <vstinner@python.org>
- Add leading space so that the spacing between the previous annotation
and the thread safety annotation looks correct.
- Remove trailing period from the link to the thread safety level.
(cherry picked from commit 580043dfae)
Co-authored-by: Lysandros Nikolaou <lisandrosnik@gmail.com>
Cache one datachunk per tstate to prevent alloc/dealloc thrashing when repeatedly hitting the same call depth at exactly the wrong boundary.
Move new _ts member to the end to not mess up remote debuggers' ideas of the
struct's layout. (The struct is only created by the runtime, and the new
field only used by the runtime, so it should be safe.)
(cherry picked from commit 706fd4ec08)
Co-authored-by: T. Wouters <thomas@python.org>
Co-authored-by: blurb-it[bot] <43283697+blurb-it[bot]@users.noreply.github.com>
Docs: a brief note in the sets tutorial about order (GH-145984)
(cherry picked from commit 4f5e79805e)
Docs: a brief note in the sets tut about order
Co-authored-by: Ned Batchelder <ned@nedbatchelder.com>
Docs: fix a form error and a grammatical error in float.rst (GH-140989)
(cherry picked from commit 70397fd103)
Co-authored-by: RayXu <xu_ruihong2009@163.com>
Docs: except with multiple exceptions parentheses not required (GH-145848)
As of PEP 758 the except statement doesn't require parentheses anymore for exception tuples.
(cherry picked from commit 6d1e9ceed3)
See: https://peps.python.org/pep-0758/
Co-authored-by: Maurizio Sambati <duilio@users.noreply.github.com>
(cherry picked from commit eb9ae65e5b)
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Co-authored-by: Ned Batchelder <ned@nedbatchelder.com>
Docs: Improve the C API documentation involving threads (GH-145520)
(cherry picked from commit 7990313afa)
Co-authored-by: Peter Bierma <zintensitydev@gmail.com>
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Co-authored-by: Savannah Ostrowski <savannah@python.org>
Co-authored-by: Stan Ulbrych <89152624+StanFromIreland@users.noreply.github.com>
Co-authored-by: Stan Ulbrych <stan@ulbrych.org>
