[3.12] gh-112334: Restore subprocess's use of vfork() & fix extra_groups=[] behavior (GH-112617)
#112731
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…roups=[]` behavior (pythonGH-112617) Restore `subprocess`'s intended use of `vfork()` by default for performance on Linux; also fixes the behavior of `extra_groups=[]` which was unintentionally broken in 3.12.0: Fixed a performance regression in 3.12's :mod:`subprocess` on Linux where it would no longer use the fast-path ``vfork()`` system call when it could have due to a logic bug, instead falling back to the safe but slower ``fork()``. Also fixed a security bug introduced in 3.12.0. If a value of ``extra_groups=[]`` was passed to :mod:`subprocess.Popen` or related APIs, the underlying ``setgroups(0, NULL)`` system call to clear the groups list would not be made in the child process prior to ``exec()``. The security issue was identified via code inspection in the process of fixing the first bug. Thanks to @vain for the detailed report and analysis in the initial bug on Github. (cherry picked from commit 9fe7655) Co-authored-by: Gregory P. Smith <[email protected]> Co-authored-by: Serhiy Storchaka <[email protected]>
3 tasks
(mentions the assigned CVE number)
gpshead
approved these changes
Dec 4, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Restore
subprocess's intended use ofvfork()by default for performance on Linux;also fixes the behavior of
extra_groups=[]which was unintentionally broken in 3.12.0:Fixed a performance regression in 3.12's :mod:
subprocesson Linux where itwould no longer use the fast-path
vfork()system call when it could havedue to a logic bug, instead falling back to the safe but slower
fork().Also fixed a security bug introduced in 3.12.0. If a value of
extra_groups=[]was passed to :mod:
subprocess.Popenor related APIs, the underlyingsetgroups(0, NULL)system call to clear the groups list would not be madein the child process prior to
exec().The security issue was identified via code inspection in the process of
fixing the first bug. Thanks to @vain for the detailed report and
analysis in the initial bug on Github.
(cherry picked from commit 9fe7655)
Co-authored-by: Gregory P. Smith [email protected]
Co-authored-by: Serhiy Storchaka [email protected]
The security issue has been assigned CVE-2023-6507.