This essentially spawns a separate python interpreter loaded with the child_script and calls the decorated function inside it, marshalls the data then grabs it from the spawned interpreter and unmarshalls in the main app.
Looks handy but I think it’s far less optimal and more risky than just adding sudo to a normal subprocess call to an executable and could lead to some amazingly akward ways people try to use it.
Things I can imagine going wrong:
It is a cool & clever hack but I don’t see a real use cases for it.
I think of it more as a showcase of tricks you can do with marshal and func_code — not the corners of Python you visit every day, for sure.
If your program has a need for privilege escalation, it might be worth examining how your life has ended up where it has.
Perhaps it needs it because it’s a system tool that’s meant to be ran as root? Makes sense to me, I don’t know.
I guess I think that programs that need uid 0 should be run as uid 0, and programs that don’t, oughtn’t. Too, a program that needs uid 0 is probably dealing with a configuration that can and should be changed. I don’t think that there are many programs that absolutely need uid 0.