Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Python > Re: suid Python script

Thread Tools

Re: suid Python script

Jeff Epler
Posts: n/a
You need to sanitize the environment, there's no question about that.
For instance, if you allow the user's value of PYTHONPATH to exist in
the setuid script, then the user can load an arbitrary module instead of
any of the builtin python modules.

Note that the Python source distribution has something called
Misc/setuid-prog.c. It seems to deal with the PYTHON* environment


Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Anyone willing to share an SUID wrapper program to take/passarguments to a shell script on Unbuntu? C Programming 3 01-15-2012 05:53 PM
Re. suid/sudo in python Rustom Mody Python 3 03-31-2009 06:47 AM
suid/sudo in python rustom Python 0 03-30-2009 06:35 AM
SUID script?? Perl Misc 1 11-07-2006 09:44 PM
suid-perl deprecated... why? Perl Misc 4 12-06-2004 09:09 AM