Skip to content

gh-150368: Change Windows user group to secure identifier#150369

Open
anytokin wants to merge 1 commit into
python:mainfrom
anytokin:main
Open

gh-150368: Change Windows user group to secure identifier#150369
anytokin wants to merge 1 commit into
python:mainfrom
anytokin:main

Conversation

@anytokin
Copy link
Copy Markdown

@anytokin anytokin commented May 24, 2026
edited by bedevere-app Bot
Loading

@python-cla-bot
Copy link
Copy Markdown

python-cla-bot Bot commented May 24, 2026
edited
Loading

All commit authors signed the Contributor License Agreement.

CLA signed

@bedevere-app bedevere-app Bot added the tests Tests in the Lib/test dir label May 24, 2026
@bedevere-app
Copy link
Copy Markdown

bedevere-app Bot commented May 24, 2026

Most changes to Python require a NEWS entry. Add one using the blurb_it web app or the blurb command-line tool.

If this change has little impact on Python users, wait for a maintainer to apply the skip news label instead.

@anytokin anytokin changed the title gh-#150368: Change Windows user group to secure identifier gh-150368: Change Windows user group to secure identifier May 24, 2026
@bedevere-app bedevere-app Bot mentioned this pull request May 24, 2026
Open
@bedevere-app
Copy link
Copy Markdown

bedevere-app Bot commented May 25, 2026

Most changes to Python require a NEWS entry. Add one using the blurb_it web app or the blurb command-line tool.

If this change has little impact on Python users, wait for a maintainer to apply the skip news label instead.

vstinner
vstinner approved these changes May 28, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@vstinner vstinner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. But it would be nice if I could reproduce the issue to check the PR: #150368 (comment).

Comment thread Lib/test/test_tempfile.py
probe = os.path.join(tempfile.tempdir, 'probe')
if os.name == 'nt':
cmd = ['icacls', tempfile.tempdir, '/deny', 'Everyone:(W)']
#Use security identifier *S-1-1-0 instead
Copy link
Copy Markdown
Member

@vstinner vstinner May 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
#Use security identifier *S-1-1-0 instead
# Use security identifier *S-1-1-0 instead

@vstinner
Copy link
Copy Markdown
Member

vstinner commented May 28, 2026

Lib/test/test_ntpath.py and Lib/test/test_os/test_os.py already call icacls.exe with identifiers instead of names:

Lib/test/test_ntpath.py:            ['icacls.exe', test_file, '/deny', '*S-1-5-32-545:(S)'],
Lib/test/test_os/test_os.py:            ['icacls.exe', fname, '/deny', '*S-1-5-32-545:(S)'],

@zooba zooba added skip news needs backport to 3.13 bugs and security fixes needs backport to 3.14 bugs and security fixes needs backport to 3.15 pre-release feature fixes, bugs and security fixes labels May 28, 2026
@zooba
Copy link
Copy Markdown
Member

zooba commented May 28, 2026

LGTM with Victor's proposed comment fix.

Not totally sure how far this should be backported, but easy enough to let the bot try and fail.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vstinner vstinner vstinner approved these changes

Assignees

No one assigned

Labels

awaiting merge needs backport to 3.13 bugs and security fixes needs backport to 3.14 bugs and security fixes needs backport to 3.15 pre-release feature fixes, bugs and security fixes skip news tests Tests in the Lib/test dir

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@anytokin @vstinner @zooba