sudo open() ? (python newbee question)

 
 
slava@crackpot.org
 
      06-14-2005
hello,

i am writing a python script that will be run by a non root user
the script needs to open a file in write mode that is owned by root

file = open('/etc/apt/sources.list', 'r+')

returns permission error

how can i call sudo on open()?

thanks a lot
slava
 
 
 
 
 
Denis WERNERT
 
      06-14-2005
The script could be SUID Root, and you could use os.setuid immediately after
having performed the task to switch to a non-privileged user. May be a big
security risk, if someone can alter the script, he gains root access to the
system...

(E-Mail Removed) wrote:

> hello,
>
> i am writing a python script that will be run by a non root user
> the script needs to open a file in write mode that is owned by root
>
> file = open('/etc/apt/sources.list', 'r+')
>
> returns permission error
>
> how can i call sudo on open()?
>
> thanks a lot
> slava

 
 
 
 
 
Dan Sommers
 
      06-14-2005
On Tue, 14 Jun 2005 11:52:13 +0200,
Denis WERNERT <(E-Mail Removed)> wrote:

> The script could be SUID Root, and you could use os.setuid immediately
> after having performed the task to switch to a non-privileged
> user. May be a big security risk, if someone can alter the script, he
> gains root access to the system...


I am *not* advocating suid scripts, and *ESPECIALLY NOT* suid Python
programs, but if a user can modify an unwriteable suid script owned by
root in an unwriteable directory, then they already have root access
to the system (unless there's a kernel or filesystem bug, in which case
all bets are off anyway).

Regards,
Dan

--
Dan Sommers
<http://www.tombstonezero.net/dan/>
 
 
Christos TZOTZIOY Georgiou
 
      06-14-2005
On 14 Jun 2005 08:12:17 -0400, rumours say that Dan Sommers
<(E-Mail Removed)> might have written:

>On Tue, 14 Jun 2005 11:52:13 +0200,
>Denis WERNERT <(E-Mail Removed)> wrote:
>
>> The script could be SUID Root, and you could use os.setuid immediately
>> after having performed the task to switch to a non-privileged
>> user. May be a big security risk, if someone can alter the script, he
>> gains root access to the system...


>I am *not* advocating suid scripts, and *ESPECIALLY NOT* suid Python
>programs, but if a user can modify an unwriteable suid script owned by
>root in an unwriteable directory, then they already have root access
>to the system (unless there's a kernel or filesystem bug, in which case
>all bets are off anyway).


I believe that the suid bit on scripts (either *sh or python) is
completely ignored on most *nix systems.

Try this in a shell (bash or ksh) as a sudo-capable user:

echo hello >/tmp/tmp
sudo chown root /tmp/tmp
sudo chmod 600 /tmp/tmp
cat >/tmp/ax.py <<@
#!/usr/bin/env python
x = open("/tmp/tmp", "w")
x.write("there")
x.close()
@
sudo chown root /tmp/ax.py
sudo chmod a=rx,u+s /tmp/ax.py
ls -l /tmp/ax.py /tmp/tmp
/tmp/ax.py

I get:

-r-sr-xr-x 1 root users 75 2005-06-14 16:15 /tmp/ax.py
-rw------- 1 root users 6 2005-06-14 16:15 /tmp/tmp
Traceback (most recent call last):
  File "/tmp/ax.py", line 2, in ?
    x = open("/tmp/tmp", "w")
IOError: [Errno 13] Permission denied: '/tmp/tmp'

--
TZOTZIOY, I speak England very best.
"Be strict when sending and tolerant when receiving." (from RFC195
I really should keep that in mind when talking with people, actually...
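
Added example, not part of the original posts: the test above shows the setuid bit on a `#!` script having no effect, so such files carry a mode that promises a privilege they do not get. The sketch below (function names are hypothetical, the sample files are constructed) walks a directory and lists regular files that have the setuid bit set and start with `#!`, so they can be reviewed and the bit cleared.

```python
import os
import stat
import tempfile

def is_setuid_script(path):
    """True for a regular file with the setuid bit whose first bytes are '#!'."""
    try:
        st = os.lstat(path)              # lstat: do not follow symlinks
    except OSError:
        return False
    if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_ISUID:
        return False
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"#!"
    except OSError:
        return False                     # unreadable: cannot classify

def find_setuid_scripts(root):
    """Return the sorted paths of setuid '#!' scripts below root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if is_setuid_script(path):
                hits.append(path)
    return sorted(hits)

def demo():
    """Constructed sample: one setuid script, one plain script, one setuid non-script."""
    samples = {
        "ax.py": (b"#!/usr/bin/env python\n", 0o4555),
        "plain.py": (b"#!/usr/bin/env python\n", 0o755),
        "blob": (b"\x7fELF", 0o4755),
    }
    with tempfile.TemporaryDirectory() as d:
        for name, (content, mode) in samples.items():
            path = os.path.join(d, name)
            with open(path, "wb") as fh:
                fh.write(content)
            os.chmod(path, mode)
        return [os.path.basename(p) for p in find_setuid_scripts(d)]

if __name__ == "__main__":
    print(demo())
```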
 
 
Dan Sommers
 
      06-14-2005
On Tue, 14 Jun 2005 16:18:19 +0300,
Christos "TZOTZIOY" Georgiou <(E-Mail Removed)> wrote:

> I believe that the suid bit on scripts (either *sh or python) is
> completely ignored on most *nix systems.


Most *modern* systems, yes.

I must be getting old.

Regards,
Dan

--
Dan Sommers
<http://www.tombstonezero.net/dan/>
 
 
Dennis Lee Bieber
 
      06-14-2005
On Tue, 14 Jun 2005 02:21:48 -0700, (E-Mail Removed) declaimed the
following in comp.lang.python:

> hello,
>
> i am writing a python script that will be run by a non root user
> the script needs to open a file in write mode that is owned by root
>
> file = open('/etc/apt/sources.list', 'r+')
>
> returns permission error
>
> how can i call sudo on open()?
>


Don't think you can -- you'd have to invoke the /script/ using
sudo, I believe (haven't done this in quite some time; the only thing I
ran sudo on my Linux install was leafnode functions).

--
> ================================================== ============ <
> (E-Mail Removed) | Wulfraed Dennis Lee Bieber KD6MOG <
> (E-Mail Removed) | Bestiaria Support Staff <
> ================================================== ============ <
> Home Page: <http://www.dm.net/~wulfraed/> <
> Overflow Page: <http://wlfraed.home.netcom.com/> <
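
Added example, not from the thread: since open() itself cannot be elevated, a variation on running the whole script under sudo is to keep the script unprivileged and hand only the final write to a child process started through sudo. The function names and the `elevate` parameter are hypothetical, the sample file is constructed, and using `tee` through sudo assumes a sudoers rule that permits it.

```python
import os
import subprocess
import tempfile

def write_privileged(path, text, elevate=("sudo",)):
    """Write text to path via a child started with `elevate`; only `tee` is elevated."""
    # An absolute path cannot start with "-", so tee cannot take it for an option.
    if not os.path.isabs(path):
        raise ValueError("absolute path required: %r" % path)
    proc = subprocess.run(
        [*elevate, "tee", path],
        input=text.encode(),
        stdout=subprocess.DEVNULL,       # tee echoes its input; discard it
        stderr=subprocess.PIPE,
    )
    if proc.returncode != 0:
        raise PermissionError(proc.stderr.decode(errors="replace").strip())

def add_source_line(path, line, elevate=("sudo",)):
    """Append line unless already present; returns True if the file was written."""
    with open(path) as fh:               # reading needs no privilege if world-readable
        current = fh.read()
    if line in current.splitlines():
        return False                     # nothing to do, so no elevation at all
    if current and not current.endswith("\n"):
        current += "\n"
    write_privileged(path, current + line + "\n", elevate)
    return True

def demo():
    """Constructed run on a temp file with elevate=(), so no sudo is involved."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sources.list")
        with open(path, "w") as fh:
            fh.write("deb http://example.invalid/debian stable main\n")
        new = "deb http://example.invalid/debian stable contrib"
        first = add_source_line(path, new, elevate=())
        second = add_source_line(path, new, elevate=())
        with open(path) as fh:
            return first, second, fh.read().splitlines()

if __name__ == "__main__":
    print(demo())
```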

 