[issue8045] test_tcl aborts on OS X 10.6 with "The application with bundle ID org.python.python is running setugid(), which is not allowed."

Ned Deily report at bugs.python.org
Wed Mar 3 03:33:53 CET 2010 

New submission from Ned Deily <nad at acm.org>:

potential 2.6.5 release blocker

The changes introduced for Issue7999 in r78546, r78547, r78548, r78549 cause test_tcl to fail when it is run after test_os, as is normal under regrtest.  The problem is that the posixmodule was modified to accept values of -1 for setreuid and setregid and, although the tests added for them claim that they do nothing, on OS X 10.6 (in a framework build at least) they do have a side effect.  A simplified test case demonstrates:

$ ./python
Python 2.6.5rc1 (release26-maint, Mar  2 2010, 15:22:31) 
[GCC 4.2.1 (Apple Inc. build 5646) (dot 1)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from Tkinter import Tcl
>>> Tcl().loadtk()  # Tk window opens
>>> ^D
$ ./python
Python 2.6.5rc1 (release26-maint, Mar  2 2010, 15:22:31) 
[GCC 4.2.1 (Apple Inc. build 5646) (dot 1)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from Tkinter import Tcl
>>> import os
>>> os.getuid(), os.geteuid()
(501, 501)
>>> os.setreuid(-1, -1)
>>> os.getuid(), os.geteuid()
(501, 501)
>>> Tcl().loadtk()
2010-03-02 18:20:28.375 Python[21147:60f] The application with bundle ID org.python.python is running setugid(), which is not allowed.
$ ./python
Python 2.6.5rc1 (release26-maint, Mar  2 2010, 15:22:31) 
[GCC 4.2.1 (Apple Inc. build 5646) (dot 1)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> from Tkinter import Tcl
>>> import os
>>> os.getgid(), os.getegid()
(20, 20)
>>> os.setregid(-1, -1)
>>> os.getgid(), os.getegid()
(20, 20)
>>> Tcl().loadtk()
2010-03-02 18:25:15.952 Python[21163:60f] The application with bundle ID org.python.python is running setugid(), which is not allowed.

Searching the web for "running setugid(), which is not allowed" shows various programs affected by this change in OS X 10.6, apparently to close a security hole.

Unfortunately, the module and test changes cause the standard python regression test to abort at test_tcl. For 2.6.5 at least, suggest disabling the two new -1, -1 tests on OS X.  (I assume that the other branches exhibit the same behavior but I haven't explicitly tested them yet.)

----------
messages: 100326
nosy: barry, gregory.p.smith, ned.deily, ronaldoussoren
severity: normal
status: open
title: test_tcl aborts on OS X 10.6 with "The application with bundle ID org.python.python is running setugid(), which is not allowed."
type: crash
versions: Python 2.6, Python 2.7, Python 3.1, Python 3.2

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue8045>
_______________________________________

More information about the Python-bugs-list mailing list