[issue38963] multiprocessing processes seem to "bleed" user information (GID/UID/groups)

[Roman Joost]

New submission from Roman Joost <ro...@bromeco.de>:

When running a process which changes UID/GID, some of the following processes 
will run as the user I change to per process.

In order to reproduce (see the attached reproducer):
1. Change the 'USERNAME' to an unprivileged user on your system.
2. Run the reproducer as a user with elevated privileges (e.g. root or some 
secondary user you have on your system). Mind you, I don't think the user you 
run as needs elevated privileges, but that's the user I ran as when I observed 
this behaviour.
3. The reproducer iterates over a list (It stems from a test function which was 
checking permissions on log files). Observe the print out, which prints the 
process' GID, UID and secondary groups before we're changing to the users GID, 
UID and secondary groups.
4. You should observe that at some point the process prints the user 
information of the user we want to change to not the one which initially 
started the script.

Example output when running locally as root:

('B', (0, 0, [0]))
('A', (0, 0, [0]))
('C', (0, 0, [0]))
('E', (0, 0, [0]))
('D', (0, 0, [0]))
('F', (1002, 1002, [10, 135, 1000, 1002]))
('H', (1002, 1002, [10, 135, 1000, 1002]))
('I', (1002, 1002, [10, 135, 1000, 1002]))
('J', (1002, 1002, [10, 135, 1000, 1002]))
('G', (1002, 1002, [10, 135, 1000, 1002]))
('K', (1002, 1002, [10, 135, 1000, 1002]))
('L', (1002, 1002, [10, 135, 1000, 1002]))
('M', (1002, 1002, [10, 135, 1000, 1002]))
('N', (1002, 1002, [10, 135, 1000, 1002]))

I would have expected `0` all the way through.

However, if I initialise the Pool with `maxtasksperchild=1` the isolation seems 
as expected.

I don't know whether this is a bug or I'm foolish to invoke multiprocessing 
like this. I've run out of time to investigate this further. It's certainly 
strange behaviour to me and I thought I better report it, since reproducing 
seems fairly deterministic.

----------
assignee: docs@python
components: Documentation, Library (Lib)
files: reproducer.py
messages: 357773
nosy: docs@python, romanofski
priority: normal
severity: normal
status: open
title: multiprocessing processes seem to "bleed" user information 
(GID/UID/groups)
type: behavior
versions: Python 3.6, Python 3.7
Added file: https://bugs.python.org/file48753/reproducer.py

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue38963>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com