https://github.com/python/cpython/commit/9bc5bc56182afba8bfc020f692ba5a00aac9539e commit: 9bc5bc56182afba8bfc020f692ba5a00aac9539e branch: 3.14 author: Miss Islington (bot) <[email protected]> committer: gpshead <[email protected]> date: 2026-04-05T18:13:29Z summary:
[3.14] gh-94632: document the subprocess need for extra_groups=() with user= (GH-148129) (#148130) gh-94632: document the subprocess need for extra_groups=() with user= (GH-148129) (cherry picked from commit a1cf4430ed89ec702528ef074138c407ccf89946) Co-authored-by: Gregory P. Smith <[email protected]> files: M Doc/library/subprocess.rst diff --git a/Doc/library/subprocess.rst b/Doc/library/subprocess.rst index 82e41bff87976d..66a3d6a484a8a8 100644 --- a/Doc/library/subprocess.rst +++ b/Doc/library/subprocess.rst @@ -630,6 +630,12 @@ functions. the value in ``pw_uid`` will be used. If the value is an integer, it will be passed verbatim. (POSIX only) + .. note:: + + Specifying *user* will not drop existing supplementary group memberships! + The caller must also pass ``extra_groups=()`` to reduce the group membership + of the child process for security purposes.  + .. availability:: POSIX .. versionadded:: 3.9
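Review bot: The added note under *user* says only that ``extra_groups=()`` will "reduce the group membership ... for security purposes", which leaves the reader to guess both what the child inherits and what the empty tuple does. Suggest spelling out that the child keeps the parent's supplementary groups, so a privileged parent that sets only *user* still hands its group-based file and socket access to the child, and that ``extra_groups=()`` makes the child call setgroups() with an empty list. Two further points for the same note: it is silent on the primary group, which *user* alone also leaves unchanged, so a pointer to the *group* parameter belongs here; and an empty tuple removes every supplementary group, so callers who need the target user's own groups have to pass them explicitly rather than ``()``. A cross-reference to the *extra_groups* parameter entry would let readers find the details without the note repeating them.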
