Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Python > Re: suid Python script

Reply
Thread Tools

Re: suid Python script

 
 
Jeff Epler
Guest
Posts: n/a
 
      08-24-2003
You need to sanitize the environment, there's no question about that.
For instance, if you allow the user's value of PYTHONPATH to exist in
the setuid script, then the user can load an arbitrary module instead of
any of the builtin python modules.

Note that the Python source distribution has something called
Misc/setuid-prog.c. It seems to deal with the PYTHON* environment
variables.

Jeff

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Anyone willing to share an SUID wrapper program to take/passarguments to a shell script on Unbuntu? bobm3@worthless.info C Programming 3 01-15-2012 05:53 PM
Re. suid/sudo in python Rustom Mody Python 3 03-31-2009 06:47 AM
suid/sudo in python rustom Python 0 03-30-2009 06:35 AM
SUID script?? richardrothwell@gmail.com Perl Misc 1 11-07-2006 09:44 PM
suid-perl deprecated... why? chris-usenet@roaima.co.uk Perl Misc 4 12-06-2004 09:09 AM



Advertisments