Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork33.3k
Description
Bug report
Bug description:
Python 3.12.0 (main, Oct 2 2023, 00:00:00) [GCC 13.2.1 20230918 (Red Hat 13.2.1-3)] on linuxakapython3-3.12.0-1.fc39.x86_64.
Run this code on your Linux system with pkexec setup. That should work on any normalish GNOME system, I'd guess. I'm using Fedora 39.
importasyncioclassMyProtocol(asyncio.SubprocessProtocol):passasyncdefrun():loop=asyncio.get_running_loop()transport,protocol=awaitloop.subprocess_exec(MyProtocol,'pkexec','cat')awaitasyncio.sleep(10)transport.close()asyncio.run(run())
You should get a popup to enter your admin password. Do that within 10 seconds. Thencat (which now has the same PID as we spawnedpkexec with) will be running as root.
transport.close() attempts tokill() that PID, which fails:
Traceback (most recent call last): File "/var/home/lis/src/cockpit/ferny-transport/break.py", line 15, in <module> asyncio.run(run()) File "/usr/lib64/python3.12/asyncio/runners.py", line 194, in run return runner.run(main) ^^^^^^^^^^^^^^^^ File "/usr/lib64/python3.12/asyncio/runners.py", line 118, in run return self._loop.run_until_complete(task) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib64/python3.12/asyncio/base_events.py", line 664, in run_until_complete return future.result() ^^^^^^^^^^^^^^^ File "/var/home/lis/src/cockpit/ferny-transport/break.py", line 12, in run transport.close() File "/usr/lib64/python3.12/asyncio/base_subprocess.py", line 117, in close self._proc.kill() File "/usr/lib64/python3.12/subprocess.py", line 2209, in kill self.send_signal(signal.SIGKILL) File "/usr/lib64/python3.12/subprocess.py", line 2196, in send_signal os.kill(self.pid, sig)PermissionError: [Errno 1] Operation not permittedProbably the call toself._proc.kill() in.close() should be guarded to ignorePermissionError. It already ignoresProcessLookupError:
try:self._proc.kill()exceptProcessLookupError:pass
There are many other setuid utilities that this doesn't seem to be a problem with. The shadow-utils tools likepasswd seem to remain killable, as doessudo (which keeps a process running around and forks off to spawn the desired command as root). In fact,pkexec was the only tool I could find that causes this issue, but as viewed from the Python side, we clearly cannot necessarily rely on being able to.kill() a PID that we created.
Thanks!
CPython versions tested on:
3.12, 3.13
Operating systems tested on:
Linux
Linked PRs
Metadata
Metadata
Assignees
Projects
Status