[Python-checkins] bpo-36046: posix_spawn() doesn't support uid/gid (GH-16384)
T. Wouters
webhook-mailer at python.org
Wed Sep 25 09:52:54 EDT 2019
https://github.com/python/cpython/commit/faca8553425c231d867dcabf6a69a9dd21118b6c
commit: faca8553425c231d867dcabf6a69a9dd21118b6c
branch: master
author: Victor Stinner <vstinner at redhat.com>
committer: T. Wouters <thomas at python.org>
date: 2019-09-25T15:52:49+02:00
summary:
bpo-36046: posix_spawn() doesn't support uid/gid (GH-16384)
* subprocess.Popen now longer uses posix_spawn() if uid, gid or gids are set.
* test_subprocess: add "nobody" and "nfsnobody" group names for test_group().
* test_subprocess: test_user() and test_group() are now also tested with close_fds=False.
files:
M Lib/subprocess.py
M Lib/test/test_subprocess.py
diff --git a/Lib/subprocess.py b/Lib/subprocess.py
index 85e7969c0928..1016874c4a7f 100644
--- a/Lib/subprocess.py
+++ b/Lib/subprocess.py
@@ -1681,7 +1681,10 @@ def _execute_child(self, args, executable, preexec_fn, close_fds,
and (p2cread == -1 or p2cread > 2)
and (c2pwrite == -1 or c2pwrite > 2)
and (errwrite == -1 or errwrite > 2)
- and not start_new_session):
+ and not start_new_session
+ and gid is None
+ and gids is None
+ and uid is None):
self._posix_spawn(args, executable, env, restore_signals,
p2cread, p2cwrite,
c2pread, c2pwrite,
diff --git a/Lib/test/test_subprocess.py b/Lib/test/test_subprocess.py
index 42f376cda5d2..22516402da0e 100644
--- a/Lib/test/test_subprocess.py
+++ b/Lib/test/test_subprocess.py
@@ -1589,7 +1589,7 @@ def test_run_with_shell_timeout_and_capture_output(self):
def _get_test_grp_name():
- for name_group in ('staff', 'nogroup', 'grp'):
+ for name_group in ('staff', 'nogroup', 'grp', 'nobody', 'nfsnobody'):
if grp:
try:
grp.getgrnam(name_group)
@@ -1768,24 +1768,27 @@ def test_user(self):
test_users.append(name_uid)
for user in test_users:
- with self.subTest(user=user):
- try:
- output = subprocess.check_output(
- [sys.executable, "-c",
- "import os; print(os.getuid())"],
- user=user)
- except PermissionError: # errno.EACCES
- pass
- except OSError as e:
- if e.errno not in (errno.EACCES, errno.EPERM):
- raise
- else:
- if isinstance(user, str):
- user_uid = pwd.getpwnam(user).pw_uid
+ # posix_spawn() may be used with close_fds=False
+ for close_fds in (False, True):
+ with self.subTest(user=user, close_fds=close_fds):
+ try:
+ output = subprocess.check_output(
+ [sys.executable, "-c",
+ "import os; print(os.getuid())"],
+ user=user,
+ close_fds=close_fds)
+ except PermissionError: # (EACCES, EPERM)
+ pass
+ except OSError as e:
+ if e.errno not in (errno.EACCES, errno.EPERM):
+ raise
else:
- user_uid = user
- child_user = int(output)
- self.assertEqual(child_user, user_uid)
+ if isinstance(user, str):
+ user_uid = pwd.getpwnam(user).pw_uid
+ else:
+ user_uid = user
+ child_user = int(output)
+ self.assertEqual(child_user, user_uid)
with self.assertRaises(ValueError):
subprocess.check_call([sys.executable, "-c", "pass"], user=-1)
@@ -1809,23 +1812,25 @@ def test_group(self):
group_list.append(name_group)
for group in group_list + [gid]:
- with self.subTest(group=group):
- try:
- output = subprocess.check_output(
- [sys.executable, "-c",
- "import os; print(os.getgid())"],
- group=group)
- except OSError as e:
- if e.errno != errno.EPERM:
- raise
- else:
- if isinstance(group, str):
- group_gid = grp.getgrnam(group).gr_gid
+ # posix_spawn() may be used with close_fds=False
+ for close_fds in (False, True):
+ with self.subTest(group=group, close_fds=close_fds):
+ try:
+ output = subprocess.check_output(
+ [sys.executable, "-c",
+ "import os; print(os.getgid())"],
+ group=group,
+ close_fds=close_fds)
+ except PermissionError: # (EACCES, EPERM)
+ pass
else:
- group_gid = group
+ if isinstance(group, str):
+ group_gid = grp.getgrnam(group).gr_gid
+ else:
+ group_gid = group
- child_group = int(output)
- self.assertEqual(child_group, group_gid)
+ child_group = int(output)
+ self.assertEqual(child_group, group_gid)
# make sure we bomb on negative values
with self.assertRaises(ValueError):
More information about the Python-checkins
mailing list