requests permission denied regression reading extracted certs with multiple users

permission denied regression reading extracted certs with multiple users

Open jmelahman opened this issue 7 months ago • 1 comments

If it is necessary to extract the certs from a zip file, they'll be written to somewhere like /tmp/cacert.pem. This is problematic for subsequent users who may not have have permission to access this /tmp/cacert.pem

Seems related to https://github.com/psf/requests/pull/6667

Note, this issue was not present with version 2.31.0

Expected Result

two users should be able to extract zipped certs on the same filesystem without issue

Actual Result

Traceback (most recent call last):
  File "/usr/lib/python3.9/runpy.py", line 197, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/usr/lib/python3.9/runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "/home/jamison/.../__main__.py", line 83, in <module>
  File "<frozen importlib._bootstrap>", line 1007, in _find_and_load
  File "<frozen importlib._bootstrap>", line 986, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 664, in _load_unlocked
  File "<frozen importlib._bootstrap>", line 627, in _load_backward_compatible
  File "<frozen zipimport>", line 259, in load_module
  File "/home/jamison/..., line 22, in <module>
  File "<frozen importlib._bootstrap>", line 1007, in _find_and_load
  File "<frozen importlib._bootstrap>", line 986, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 664, in _load_unlocked
  File "<frozen importlib._bootstrap>", line 627, in _load_backward_compatible
  File "<frozen zipimport>", line 259, in load_module
  File "/home/jamison/..., line 13, in <module>
  File "<frozen importlib._bootstrap>", line 1007, in _find_and_load
  File "<frozen importlib._bootstrap>", line 986, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 664, in _load_unlocked
  File "<frozen importlib._bootstrap>", line 627, in _load_backward_compatible
  File "<frozen zipimport>", line 259, in load_module
  File "/home/jamison/.../pypi__39__requests_2_32_2/requests/__init__.py", line 164, in <module>
  File "<frozen importlib._bootstrap>", line 1007, in _find_and_load
  File "<frozen importlib._bootstrap>", line 986, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 664, in _load_unlocked
  File "<frozen importlib._bootstrap>", line 627, in _load_backward_compatible
  File "<frozen zipimport>", line 259, in load_module
  File "/home/jamison/.../pypi__39__requests_2_32_2/requests/api.py", line 11, in <module>
  File "<frozen importlib._bootstrap>", line 1007, in _find_and_load
  File "<frozen importlib._bootstrap>", line 986, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 664, in _load_unlocked
  File "<frozen importlib._bootstrap>", line 627, in _load_backward_compatible
  File "<frozen zipimport>", line 259, in load_module
  File "/home/jamison/.../pypi__39__requests_2_32_2/requests/sessions.py", line 15, in <module>
  File "<frozen importlib._bootstrap>", line 1007, in _find_and_load
  File "<frozen importlib._bootstrap>", line 986, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 664, in _load_unlocked
  File "<frozen importlib._bootstrap>", line 627, in _load_backward_compatible
  File "<frozen zipimport>", line 259, in load_module
  File "/home/jamison/.../pypi__39__requests_2_32_2/requests/adapters.py", line 77, in <module>
PermissionError: [Errno 13] Permission denied

Reproduction Steps

touch /tmp/test_utils.py
chown root:root /tmp/test_utils.py
python -m pytest test/test_utils.py

The full end-to-end steps are a bit involved. A, __main__,py

import requests

as a standalone zip executable is enough to repro (though I haven't been able to repro with executables that unarchive themselves such as zipapp -- in this case, we're using something similar to google's subpar).

System Information

$ python -m requests.help

{
  "chardet": {
    "version": null
  },
  "charset_normalizer": {
    "version": "3.3.2"
  },
  "cryptography": {
    "version": ""
  },
  "idna": {
    "version": "3.7"
  },
  "implementation": {
    "name": "CPython",
    "version": "3.12.3"
  },
  "platform": {
    "release": "6.6.32-1-lts",
    "system": "Linux"
  },
  "pyOpenSSL": {
    "openssl_version": "",
    "version": null
  },
  "requests": {
    "version": "2.32.3"
  },
  "system_ssl": {
    "version": "30300000"
  },
  "urllib3": {
    "version": "2.2.2"
  },
  "using_charset_normalizer": true,
  "using_pyopenssl": false
}

Jul 09 '24 00:07 jmelahman

requests requests copied to clipboard

permission denied regression reading extracted certs with multiple users

Expected Result

Actual Result

Reproduction Steps

System Information

requests
requests copied to clipboard