-
-
Notifications
You must be signed in to change notification settings - Fork 33.2k
Closed
Labels
3.11only security fixesonly security fixes3.12only security fixesonly security fixestestsTests in the Lib/test dirTests in the Lib/test dirtype-bugAn unexpected behavior, bug, or errorAn unexpected behavior, bug, or error
Description
Feature or enhancement
Several tests use os.geteuid() == 0
to check whether the current effective user can override discretionary access control and bypass permission checks for files. While user root typically has CAP_DAC_OVERRIDE, it may not actually have the capability. Non-root accounts can have CAP_DAC_OVERRIDE, too. On wasm32-emscripten it is not possible to query the actual effective uid.
I propose to add a check for DAC override instead of relying on effective uid check.
Metadata
Metadata
Assignees
Labels
3.11only security fixesonly security fixes3.12only security fixesonly security fixestestsTests in the Lib/test dirTests in the Lib/test dirtype-bugAn unexpected behavior, bug, or errorAn unexpected behavior, bug, or error