https://github.com/python/cpython/commit/5782d6aa508873575ae168b134f0c9c88beac95e commit: 5782d6aa508873575ae168b134f0c9c88beac95e branch: 3.10 author: Miss Islington (bot) <[email protected]> committer: pablogsal <[email protected]> date: 2026-04-05T19:33:56+01:00 summary:
[3.10] gh-94632: document the subprocess need for extra_groups=() with user= (GH-148129) (#148134) gh-94632: document the subprocess need for extra_groups=() with user= (GH-148129) (cherry picked from commit a1cf4430ed89ec702528ef074138c407ccf89946) Co-authored-by: Gregory P. Smith <[email protected]> files: M Doc/library/subprocess.rst diff --git a/Doc/library/subprocess.rst b/Doc/library/subprocess.rst index 7eb9f3042405ff..633855c498a367 100644 --- a/Doc/library/subprocess.rst +++ b/Doc/library/subprocess.rst @@ -618,6 +618,12 @@ functions. the value in ``pw_uid`` will be used. If the value is an integer, it will be passed verbatim. (POSIX only) + .. note:: + + Specifying *user* will not drop existing supplementary group memberships! + The caller must also pass ``extra_groups=()`` to reduce the group membership + of the child process for security purposes. + .. availability:: POSIX .. versionadded:: 3.9 _______________________________________________ Python-checkins mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3//lists/python-checkins.python.org Member address: [email protected]
