Skip to content

Tests: check for DAC override capability instead of using geteuid() #94315

New issue
New issue
Closed
Closed
Tests: check for DAC override capability instead of using geteuid()#94315
Labels
3.11only security fixes3.12only security fixestestsTests in the Lib/test dirtype-bugAn unexpected behavior, bug, or error
@tiran

Description

@tiran
tiran
opened on Jun 27, 2022

Feature or enhancement

Several tests use os.geteuid() == 0 to check whether the current effective user can override discretionary access control and bypass permission checks for files. While user root typically has CAP_DAC_OVERRIDE, it may not actually have the capability. Non-root accounts can have CAP_DAC_OVERRIDE, too. On wasm32-emscripten it is not possible to query the actual effective uid.

I propose to add a check for DAC override instead of relying on effective uid check.

Metadata

Metadata

Assignees

No one assigned

    Labels

    3.11only security fixes3.12only security fixestestsTests in the Lib/test dirtype-bugAn unexpected behavior, bug, or error

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions