STINNER Victor <vstin...@python.org> added the comment:

Hum, this change has a big (security?) issue:

import subprocess
subprocess.Popen(["/usr/bin/id"], user=1000, group=1000).wait()

gives:

uid=1000(vstinner) gid=1000(vstinner) groupes=1000(vstinner),0(root) contexte=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

But:

import subprocess
subprocess.Popen(["/usr/bin/id"], user=1000, group=1000, close_fds=False).wait()

gives:

uid=0(root) gid=0(root) groupes=0(root) contexte=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

=> user and group arguments are ignored when using close_fds=False: when 
subprocess uses posix_spawn().


Note: test_subprocess test_group() is skipped on my Fedora 30.


I wrote PR 16384 to fix the bug and enable test_group() on my Fedora (check 
also for "nobody" and "nfsnobody" groups).

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue36046>
_______________________________________
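
Added example (not part of the message above and not CPython's own test code): a check that a child started with user= and group= really runs with those ids for both close_fds settings, which is the property the report shows being violated. The names child_identity and check_identity are hypothetical; it assumes a POSIX system and a Python release that has the user/group parameters (3.9 or later).

```python
import json
import os
import subprocess
import sys

# Child program: report the identity the process actually runs with.
_REPORT = (
    "import json, os; "
    "print(json.dumps({'uid': os.getuid(), 'euid': os.geteuid(), "
    "'gid': os.getgid(), 'egid': os.getegid()}))"
)


def child_identity(user, group, close_fds):
    """Spawn a child with user=/group= and return the ids it reports."""
    out = subprocess.run(
        [sys.executable, "-c", _REPORT],
        user=user, group=group, close_fds=close_fds,
        stdout=subprocess.PIPE, check=True,
    ).stdout
    return json.loads(out)


def check_identity(user, group):
    """Return a list of mismatches across both close_fds settings."""
    problems = []
    for close_fds in (True, False):
        ids = child_identity(user, group, close_fds)
        expected = {"uid": user, "euid": user, "gid": group, "egid": group}
        for key, want in expected.items():
            if ids[key] != want:
                problems.append((close_fds, key, want, ids[key]))
    return problems


if __name__ == "__main__":
    # Assumption: as root, pass an unprivileged uid/gid on the command line
    # (1000/1000 in the report above); otherwise the caller's own ids are
    # used, which setreuid()/setregid() accept without privileges.
    uid = int(sys.argv[1]) if len(sys.argv) > 1 else os.getuid()
    gid = int(sys.argv[2]) if len(sys.argv) > 2 else os.getgid()
    issues = check_identity(uid, gid)
    for close_fds, key, want, got in issues:
        print(f"close_fds={close_fds}: {key} is {got}, expected {want}")
    sys.exit(1 if issues else 0)
```

Run as root with a target uid and gid, an interpreter with the behaviour reported above prints mismatches for close_fds=False and exits 1.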