Yashp002 commented Jan 8, 2026

sys.remote_exec(pid, script_path) creates a temporary script with restrictive
permissions (typically 0o600). The target process must be able to read this
file, which fails in cross-user scenarios (e.g. sudo debugging).

Added documentation note with example showing how to os.chmod() the file to
0o644 (readable by group/other) before calling.

Addresses the PermissionError reported in #143511.

Co-authored-by: @RafaelWO


📚 Documentation preview 📚: https://cpython-previews--143575.org.readthedocs.build/
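
The permission problem described above can be checked before the call, and the script opened up only as far as the target needs. This is an added example, not code from the pull request or from CPython; `can_read`, `narrowest_mode` and `write_script` are hypothetical helpers, it is Unix-only, and the target's uid and group set are assumed to be known to the caller.

```python
import os
import stat
import tempfile


def can_read(path, uid, gids):
    """Classic owner/group/other read check on the file itself.

    Simplification: ACLs, root's override and search permission on the
    parent directories are not modelled.
    """
    st = os.stat(path)
    if uid == st.st_uid:                 # owner class wins, even if weaker
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)


def narrowest_mode(path, uid, gids):
    """Smallest mode that lets a process with (uid, gids) read the file."""
    st = os.stat(path)
    if uid == st.st_uid:
        return 0o600                     # same user: no change needed
    if st.st_gid in gids:
        return 0o640                     # shared group: skip "other"
    return 0o644                         # no common identity: world-readable


def write_script(source, target_uid, target_gids):
    """Write source to a temp file readable by the target, return its path.

    The caller passes the path to sys.remote_exec() and deletes the file
    only after the target has run it.
    """
    fd, path = tempfile.mkstemp(suffix=".py")   # tempfile creates it 0o600
    with os.fdopen(fd, "w") as f:
        f.write(source)
    os.chmod(path, narrowest_mode(path, target_uid, target_gids))
    return path


if __name__ == "__main__":
    # Constructed demo: a target with a different uid and no shared group.
    other = os.getuid() + 1
    p = write_script("print('Hello from remote!')\n", other, set())
    print(oct(stat.S_IMODE(os.stat(p).st_mode)), can_read(p, other, set()))
    os.unlink(p)
```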

RafaelWO commented Jan 8, 2026

Wouldn't it make more sense to add this info to the remote debugging docs? 🤔

Yashp002 commented Jan 8, 2026

@RafaelWO Well, I figured sys.rst or sys.executable here is way more used or gone through by users on a daily basis? sys.rst is more discoverable for users hitting the error.
We could go with keeping it in both too, but this one's just more discoverable imo unless I'm heavily mistaken.

StanFromIreland changed the title gh-143511: Document sys.remote_exec permissions requirements [skip news] gh-143511: Document sys.remote_exec permissions requirements Jan 9, 2026

The temporary script file is created with restrictive permissions (typically
``0o600``). The target process must be able to read this file.

Callers should adjust permissions before calling, e.g.::
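
Review bot: "The temporary script file is created with restrictive permissions" does not say what creates the file. The example in this change creates it with tempfile.NamedTemporaryFile, so the 0o600 mode comes from the caller's use of tempfile and not from sys.remote_exec; naming that would tell readers that a script written by other means may already be readable. The sentence should also say which account has to read the file, namely the user the target process runs as.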

Please don't use Latin abbreviations, see the devguide for more information.

Comment on lines 2016 to 2019
.. availability:: Unix, Windows.
.. versionadded:: 3.14

The temporary script file is created with restrictive permissions (typically

I think the directives (availability, versionadded) should always be at the end of a member section. Hence, I would move them to the end (or your addition above).


I made the changes @RafaelWO, could you verify them?


It's not at the end. versionadded should be the last section. You added your section afterwards.


@picnixz You mean even after the example I've provided?

Comment on lines +2022 to +2033
Callers should adjust permissions before calling, for example::

import os
import tempfile
import sys

with tempfile.NamedTemporaryFile(mode='w', suffix='.py', delete=False) as f:
f.write("print('Hello from remote!')")
f.flush()
os.chmod(f.name, 0o644) # Readable by group/other
sys.remote_exec(pid, f.name)
os.unlink(f.name) # Cleanup
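
Review bot: In the example, os.unlink(f.name) directly follows sys.remote_exec(pid, f.name), but sys.remote_exec returns without waiting for the target to run the script, so the file can be deleted before the target opens it. Suggest dropping the immediate unlink or stating that cleanup must wait until the script has executed. Also, pid is never defined in the example, and 0o644 makes the script readable by every local user; the text could recommend granting read access only to the target's user or group where that is enough.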

This should be put before the audit event descriptions.
