[issue36046] support dropping privileges when running subprocesses

2019-09-25 Thread STINNER Victor
STINNER Victor added the comment: Hum, this change has a big (security?) issue: import subprocess subprocess.Popen(["/usr/bin/id"], user=1000, group=1000).wait() gives: uid=1000(vstinner) gid=1000(vstinner) groupes=1000(vstinner),0(root)

[issue36046] support dropping privileges when running subprocesses

2019-09-25 Thread STINNER Victor
Change by STINNER Victor : -- pull_requests: +15966 pull_request: https://github.com/python/cpython/pull/16384 ___ Python tracker ___

[issue36046] support dropping privileges when running subprocesses

2019-09-24 Thread Gregory P. Smith
Change by Gregory P. Smith : -- resolution: -> fixed stage: patch review -> commit review status: open -> closed ___ Python tracker ___

[issue36046] support dropping privileges when running subprocesses

2019-09-13 Thread Thomas Wouters
Thomas Wouters added the comment: New changeset 693aa80a434590ea7dcd35c000209e53d01b9425 by T. Wouters (Gregory P. Smith) in branch 'master': bpo-36046: Fix buildbot failures (GH-16091) https://github.com/python/cpython/commit/693aa80a434590ea7dcd35c000209e53d01b9425 -- nosy:

[issue36046] support dropping privileges when running subprocesses

2019-09-13 Thread Gregory P. Smith
Change by Gregory P. Smith : -- pull_requests: +15712 pull_request: https://github.com/python/cpython/pull/16091 ___ Python tracker ___

[issue36046] support dropping privileges when running subprocesses

2019-09-13 Thread STINNER Victor
STINNER Victor added the comment: Failures on Debian: https://buildbot.python.org/all/#/builders/27/builds/3699 == ERROR: test_user (test.test_subprocess.POSIXProcessTestCase) (user=65534)

[issue36046] support dropping privileges when running subprocesses

2019-09-13 Thread STINNER Victor
STINNER Victor added the comment: The test fails on Fedora: https://buildbot.python.org/all/#/builders/185/builds/1028 vstinner@apu$ ./python -m test test_subprocess -m test_extra_groups -m test_group -v == CPython 3.9.0a0 (heads/master:7cad53e6b0, Sep 13 2019, 11:42:25) [GCC 9.2.1 20190827

[issue36046] support dropping privileges when running subprocesses

2019-09-12 Thread Gregory P. Smith
Gregory P. Smith added the comment: AIX has the same error as RHEL and Fedora https://buildbot.python.org/all/#/builders/161/builds/1615/steps/5/logs/stdio -- ___ Python tracker

[issue36046] support dropping privileges when running subprocesses

2019-09-12 Thread Gregory P. Smith
Change by Gregory P. Smith : -- versions: +Python 3.9 -Python 3.8 ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue36046] support dropping privileges when running subprocesses

2019-09-12 Thread Gregory P. Smith
Gregory P. Smith added the comment: and some Fedora and RHEL bots are failing with: == ERROR: test_extra_groups (test.test_subprocess.POSIXProcessTestCase)

[issue36046] support dropping privileges when running subprocesses

2019-09-12 Thread Gregory P. Smith
Gregory P. Smith added the comment: The 'Debian root' buildbot exposed a unittest issue to deal with: https://buildbot.python.org/all/#/builders/27/builds/3702/steps/5/logs/stdio == ERROR: test_user

[issue36046] support dropping privileges when running subprocesses

2019-09-12 Thread Raymond Hettinger
Raymond Hettinger added the comment: Thanks for working on this. Least privilege is an important security consideration. The world will be a better place if we limit harm from bad or broken actors. -- nosy: +rhettinger ___ Python tracker

[issue36046] support dropping privileges when running subprocesses

2019-09-12 Thread Gregory P. Smith
Gregory P. Smith added the comment: I'm curious to see what weird things the various buildbot platforms find for this one. crossing my fingers. -- ___ Python tracker ___

[issue36046] support dropping privileges when running subprocesses

2019-09-12 Thread Gregory P. Smith
Gregory P. Smith added the comment: New changeset 2b2ead74382513d0bb9ef34504e283a71e6a706f by Gregory P. Smith (Patrick McLean) in branch 'master': bpo-36046: Add user and group parameters to subprocess (GH-11950)

[issue36046] support dropping privileges when running subprocesses

2019-03-02 Thread Gregory P. Smith
Gregory P. Smith added the comment: I like the separate parameters. :) -- ___ Python tracker ___ ___ Python-bugs-list mailing list

[issue36046] support dropping privileges when running subprocesses

2019-03-02 Thread desbma
Change by desbma : -- nosy: +desbma ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue36046] support dropping privileges when running subprocesses

2019-02-27 Thread Patrick McLean
Patrick McLean added the comment: I have updated the pull request to include 'group' and 'extra_groups' as separate parameters. -- ___ Python tracker ___

[issue36046] support dropping privileges when running subprocesses

2019-02-26 Thread Patrick McLean
Patrick McLean added the comment: > Thanks for your explanation. In case of a privileged process, the behavior of > setreuid/setregid/setgroups does seem well-defined. But setuid/setgid change > all ids (real, effective, saved) too in this case. Do you prefer > setreuid/setregid because

[issue36046] support dropping privileges when running subprocesses

2019-02-26 Thread Alexey Izbyshev
Alexey Izbyshev added the comment: > 1) This is intentional, this is for dropping privileges before running some > (possibly untrusted) command, we do not want to leave a path for the > subprocess to gain root back. If there is a subprocess that needs root for > some operations, it would

[issue36046] support dropping privileges when running subprocesses

2019-02-25 Thread Patrick McLean
Patrick McLean added the comment: Alexey, here are my responses to your points: 1) This is intentional, this is for dropping privileges before running some (possibly untrusted) command, we do not want to leave a path for the subprocess to gain root back. If there is a subprocess that needs

[issue36046] support dropping privileges when running subprocesses

2019-02-22 Thread Alexey Izbyshev
Alexey Izbyshev added the comment: Patrick, could you provide more background that would explain your choice of setreuid/setregid functions and the desired handling of supplementary groups? I'm not a security expert, so I may not have sufficient expertise to judge on that, but maybe my

[issue36046] support dropping privileges when running subprocesses

2019-02-22 Thread Alexey Izbyshev
Change by Alexey Izbyshev : -- assignee: -> gregory.p.smith ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue36046] support dropping privileges when running subprocesses

2019-02-21 Thread Gregory P. Smith
Change by Gregory P. Smith : -- assignee: -> gregory.p.smith nosy: +gregory.p.smith ___ Python tracker ___ ___ Python-bugs-list

[issue36046] support dropping privileges when running subprocesses

2019-02-20 Thread Alexey Izbyshev
Change by Alexey Izbyshev : -- nosy: +izbyshev ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue36046] support dropping privileges when running subprocesses

2019-02-20 Thread SilentGhost
Change by SilentGhost : -- nosy: +giampaolo.rodola ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscribe:

[issue36046] support dropping privileges when running subprocesses

2019-02-19 Thread Patrick McLean
Change by Patrick McLean : -- keywords: +patch pull_requests: +11974 stage: -> patch review ___ Python tracker ___ ___

[issue36046] support dropping privileges when running subprocesses

2019-02-19 Thread Patrick McLean
New submission from Patrick McLean : Currently when using python to automate system administration tasks, it is useful to drop privileges sometimes. Currently the only way to do this is via a preexec_fn, which has well-documented problems. It would be useful to be able to pass a user and