Skip to content

gh-94315: Check for DAC override capability (GH-94316) #94316

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jun 27, 2022

Conversation

tiran
Copy link
Member

@tiran tiran commented Jun 27, 2022

os.geteuid() == 0 is not a reliable check whether the current user
has the capability to bypass permission checks. Tests now probe for DAC
override.

@tiran tiran added tests Tests in the Lib/test dir needs backport to 3.11 only security fixes labels Jun 27, 2022
``os.geteuid() == 0`` is not a reliable check whether the current user
has the capability to bypass permission checks. Tests now probe for DAC
override.
@tiran tiran force-pushed the gh-94315-dac-check branch from cb4c2e7 to de8f91e Compare June 27, 2022 07:25
@tiran tiran added the 🔨 test-with-buildbots Test PR w/ buildbots; report in status section label Jun 27, 2022
@bedevere-bot
Copy link

🤖 New build scheduled with the buildbot fleet by @tiran for commit de8f91e 🤖

If you want to schedule another build, you need to add the ":hammer: test-with-buildbots" label again.

@bedevere-bot bedevere-bot removed the 🔨 test-with-buildbots Test PR w/ buildbots; report in status section label Jun 27, 2022
@tiran
Copy link
Member Author

tiran commented Jun 27, 2022

Buildbot test failures are unrelated to the PR.

@tiran tiran changed the title gh-94315: Check for DAC override capability gh-94315: Check for DAC override capability (GH-94316) Jun 27, 2022
@tiran tiran merged commit 7e0d98e into python:main Jun 27, 2022
@tiran tiran deleted the gh-94315-dac-check branch June 27, 2022 18:27
@miss-islington
Copy link
Contributor

Thanks @tiran for the PR 🌮🎉.. I'm working now to backport this PR to: 3.11.
🐍🍒⛏🤖 I'm not a witch! I'm not a witch!

miss-islington pushed a commit to miss-islington/cpython that referenced this pull request Jun 27, 2022
``os.geteuid() == 0`` is not a reliable check whether the current user
has the capability to bypass permission checks. Tests now probe for DAC
override.
(cherry picked from commit 7e0d98e)

Co-authored-by: Christian Heimes <christian@python.org>
@bedevere-bot bedevere-bot removed the needs backport to 3.11 only security fixes label Jun 27, 2022
@bedevere-bot
Copy link

GH-94346 is a backport of this pull request to the 3.11 branch.

miss-islington added a commit that referenced this pull request Jun 27, 2022
``os.geteuid() == 0`` is not a reliable check whether the current user
has the capability to bypass permission checks. Tests now probe for DAC
override.
(cherry picked from commit 7e0d98e)

Co-authored-by: Christian Heimes <christian@python.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
tests Tests in the Lib/test dir
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants