Message353168
Hum, this change has a big (security?) issue:
import subprocess
subprocess.Popen(["/usr/bin/id"], user=1000, group=1000).wait()
gives:
uid=1000(vstinner) gid=1000(vstinner) groupes=1000(vstinner),0(root) contexte=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
But:
import subprocess
subprocess.Popen(["/usr/bin/id"], user=1000, group=1000, close_fds=False).wait()
gives:
uid=0(root) gid=0(root) groupes=0(root) contexte=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
=> user and group arguments are ignored when using close_fds=False: when subprocess uses posix_spawn().
Note: test_subprocess test_group() is skipped on my Fedora 30.
I wrote PR 16384 to fix the bug and enable test_group() on my Fedora (check also for "nobody" and "nfsnobody" groups). |
|
Date |
User |
Action |
Args |
2019-09-25 10:55:38 | vstinner | set | recipients:
+ vstinner, twouters, rhettinger, gregory.p.smith, giampaolo.rodola, desbma, izbyshev, patrick.mclean |
2019-09-25 10:55:38 | vstinner | set | messageid: <1569408938.61.0.651914697971.issue36046@roundup.psfhosted.org> |
2019-09-25 10:55:38 | vstinner | link | issue36046 messages |
2019-09-25 10:55:38 | vstinner | create | |
|