Opened 7 years ago

Last modified 7 years ago

#6404 defect new

twisted.python.util.runAsEffectiveUser isn't safe in the presence of threads

Reported by: Tom Prince Owned by:
Priority: normal Milestone:
Component: core Keywords:
Cc: Branch:
Author:

Description

If any other thread happens to be scheduled while the function is being called, it will run with elevated privileges.

I guess there is nothing to be done to prevent this, but it seems like it should be something to be documented.

Change History (1)

comment:1 Changed 7 years ago by Jean-Paul Calderone

It's true it's difficult to address this. Apart from documenting the function as not safe for use with threads, there are potentially some other options though:

  • Get rid of it. Make any code depending on it work some other way. Twisted only uses runAsEffectiveUser in Conch's implementation of the UNIXPasswordDatabase checker. This checker could use a helper child process instead.
  • Make it atomic. If no other Python thread can run while runAsEffectiveUser is running, then the temporarily elevated privileges aren't a problem (as long as we ignore threads running outside of Python's threading system, which seems reasonable). There are probably a number of possible approaches to making it atomic, among them the recently discussed threading.atomic API.
Note: See TracTickets for help on using tickets.