potential 2.6.5 release blocker

The changes introduced for Issue7999 in r78546, r78547, r78548, r78549 cause test_tcl to fail when it is run after test_os, as is normal under regrtest.  The problem is that the posixmodule was modified to accept values of -1 for setreuid and setregid and, although the tests added for them claim that they do nothing, on OS X 10.6 (in a framework build at least) they do have a side effect.  A simplified test case demonstrates:

$ ./python
Python 2.6.5rc1 (release26-maint, Mar  2 2010, 15:22:31) 
[GCC 4.2.1 (Apple Inc. build 5646) (dot 1)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from Tkinter import Tcl
>>> Tcl().loadtk()  # Tk window opens
>>> ^D
$ ./python
Python 2.6.5rc1 (release26-maint, Mar  2 2010, 15:22:31) 
[GCC 4.2.1 (Apple Inc. build 5646) (dot 1)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from Tkinter import Tcl
>>> import os
>>> os.getuid(), os.geteuid()
(501, 501)
>>> os.setreuid(-1, -1)
>>> os.getuid(), os.geteuid()
(501, 501)
>>> Tcl().loadtk()
2010-03-02 18:20:28.375 Python[21147:60f] The application with bundle ID org.python.python is running setugid(), which is not allowed.
$ ./python
Python 2.6.5rc1 (release26-maint, Mar  2 2010, 15:22:31) 
[GCC 4.2.1 (Apple Inc. build 5646) (dot 1)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from Tkinter import Tcl
>>> import os
>>> os.getgid(), os.getegid()
(20, 20)
>>> os.setregid(-1, -1)
>>> os.getgid(), os.getegid()
(20, 20)
>>> Tcl().loadtk()
2010-03-02 18:25:15.952 Python[21163:60f] The application with bundle ID org.python.python is running setugid(), which is not allowed.

Searching the web for "running setugid(), which is not allowed" shows various programs affected by this change in OS X 10.6, apparently to close a security hole.

Unfortunately, the module and test changes cause the standard python regression test to abort at test_tcl. For 2.6.5 at least, suggest disabling the two new -1, -1 tests on OS X.  (I assume that the other branches exhibit the same behavior but I haven't explicitly tested them yet.)

(Thanks to Tom Loredo for bringing up the issue on the pythonmac-sig list.)

Just disabling those two tests is the best thing for the 2.6.5 release if we don't get around to the actual fix:

Since calling setreuid(-1, -1) is apparently not such a no-op on all systems these tests would be better if we ran them in a subprocess so that they don't alter the main test runner process state.

Confirmed as a release blocker for 2.6.5.  GPS's suggestion seems reasonable, though a bit more work.  Please submit a patch that we can review.  We're going to need a 2.6.5rc2 anyway.

See trunk r78718 for my proposed fix.

Ported Gregory's fix to py3k and 3.1.

Moving the test to a child process does avoid the problem.
(BTW, so far I've only seen the failure when Tkinter is linked with the Apple-supplied Tk 8.5 in 10.6, not with Tk 8.4.)

merged into release26-maint r78754.