[3.15] gh-151519: Check effective gid in `_test_all_chown_common` group-0 guard ...

gh-151519: Check effective gid in `_test_all_chown_common` group-0 guard (GH-151521)

The guard that skips the "chown to gid 0 should fail" assertion used
only `os.getgroups()` (supplementary groups). The kernel also accepts
the effective/filesystem gid for chown, so when a process runs with
egid 0 and a non-zero uid (common in containers and user namespaces),
chown(-1, 0) succeeds and the assertion spuriously fails.

Add an `os.getegid() != 0` check alongside the existing
`0 not in os.getgroups()` guard.
(cherry picked from commit 2ce260033b457a0ad2c9767a1d9902bef5a30b0e)

Co-authored-by: Itamar Oren <itamarost@gmail.com>

diff --git a/Lib/test/test_os/test_posix.py b/Lib/test/test_os/test_posix.py
index 0e8495a4eff2ed4004b97681091898e809ad77cc..a1ffd4fbe8cf2be6f43268afc00b7a5a35a29ea8 100644 (file)
--- a/Lib/test/test_os/test_posix.py
+++ b/Lib/test/test_os/test_posix.py
@@ -899,7 +899,9 @@ class PosixTester(unittest.TestCase):
             self.assertRaises(OSError, chown_func, first_param, 0, -1)
             check_stat(uid, gid)
             if hasattr(os, 'getgroups'):
-                if 0 not in os.getgroups():
+                # Also check the effective gid, which the kernel
+                # accepts for chown even if not in getgroups().
+                if 0 not in os.getgroups() and os.getegid() != 0:
                     self.assertRaises(OSError, chown_func, first_param, -1, 0)
                     check_stat(uid, gid)
         # test illegal types