[issue36046] support dropping privileges when running subprocesses

Patrick McLean report at bugs.python.org
Mon Feb 25 18:41:01 EST 2019


Patrick McLean <chutzpah at gentoo.org> added the comment:

Alexey, here are my responses to your points:

1) This is intentional, this is for dropping privileges before running some (possibly untrusted) command, we do not want to leave a path for the subprocess to gain root back. If there is a subprocess that needs root for some operations, it would presumably have the ability to drop privileges itself, and would not need the python script to do it before running it.

2) While POSIX leaves it unspecified what changes are permitted for an unprivileged process, these are permitted for a privileged process, which is the main use case for this functionality. In the case the OS does not support it for an unprivileged process, the syscall would fail with EPERM, which can be handled from the calling python code.

I am fine removing the workaround, and allowing it to fail with EPERM. Perhaps we could find another way around this for running the tests in an unprivileged environment, or just leave the test only running the EPERM case...

I could change the API to have group= and supp_groups= if you prefer.

----------

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue36046>
_______________________________________
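The two properties argued for above (the child gets no path back to root, and a refused change surfaces as EPERM to the calling Python code) can be checked directly. The following is an added example, not code from the issue or from CPython. It assumes Python 3.9 or later on POSIX, where subprocess grew the user=, group= and extra_groups= keyword arguments that this issue's work eventually shipped as (the thread still calls the last one supp_groups=). The helper names run_dropped and probe_identity and the probe script are constructed for this example.

```python
import errno
import json
import os
import subprocess
import sys

# Probe run inside the child (constructed for this example): it reports the
# identity it ended up with and whether it can still become root. After a
# correct drop, setuid(0) must fail, which is the "no way back" property.
_IDENTITY_PROBE = r"""
import json, os
try:
    os.setuid(0)
    regained = True
except PermissionError:
    regained = False
print(json.dumps({"uid": os.getuid(), "euid": os.geteuid(),
                  "gid": os.getgid(), "egid": os.getegid(),
                  "groups": sorted(os.getgroups()), "regained_root": regained}))
"""


def run_dropped(argv, uid, gid, extra_groups=None, **kwargs):
    """Run argv with privileges dropped in the forked child before exec.

    subprocess applies the change in the child in the order
    setgroups(extra_groups) -> setregid(group) -> setreuid(user). Groups
    first matters: once the uid is unprivileged, setgroups/setgid would
    themselves fail with EPERM. Both real and effective ids are set, so the
    child keeps no saved id it could switch back to.

    If the calling process lacks the privilege for a requested change, the
    child's syscall fails with EPERM and the parent raises PermissionError.
    That case is returned as (None, errno.EPERM) so the caller decides what
    to do; any other PermissionError (e.g. EACCES on argv[0]) is re-raised.
    """
    try:
        proc = subprocess.run(argv, user=uid, group=gid, extra_groups=extra_groups,
                              capture_output=True, text=True, **kwargs)
    except PermissionError as exc:
        if exc.errno != errno.EPERM:
            raise
        return None, exc.errno
    return proc, 0


def probe_identity(uid, gid, extra_groups=None):
    """Drop to uid/gid and return the identity the child observed, or
    {"error": errno.EPERM} when the kernel refused the drop."""
    proc, err = run_dropped([sys.executable, "-c", _IDENTITY_PROBE],
                            uid, gid, extra_groups)
    if proc is None:
        return {"error": err}
    return json.loads(proc.stdout)


if __name__ == "__main__":
    # Dropping to our own ids is always permitted; setgroups needs CAP_SETGID,
    # so the second call reports an EPERM error when run unprivileged.
    print(probe_identity(os.getuid(), os.getgid()))
    print(probe_identity(os.getuid(), os.getgid(), extra_groups=[os.getgid()]))
```

Run as root the first probe shows regained_root true (uid 0 dropping to uid 0 is no drop at all, so a real deployment passes an unprivileged uid); run as an ordinary user it shows regained_root false, and the setgroups attempt in the second probe comes back as an EPERM error the caller can act on rather than a crash in the child.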

