proposal: add setresuid() system call to python

travis+ml-python

Hello,

Historically, I have used scripting languages like Python for typical
uses, but they tend to not fare very well at system programming; for
close interfacing with the operating system, I'm often forced to use a
language like C. This is undesirable to me.

I do not think this has to be the case; I see no reason why a
scripting language can't implement more of the system call API, at the
risk of having some OS-dependent modules. I would actually like to
see more network servers written in scripting languages, as they
neatly avoid buffer overflow and integer overflow issues with no extra
effort.

One BIG roadblock to doing this is when they can't manage to drop
permissions properly.

I am suggesting that the setresuid function be added to Python,
perhaps in the OS module, because it has the clearest semantics for
manipulating user ids. The reason why is best described in the
following paper:

http://www.eecs.berkeley.edu/~daw/papers/setuid-usenix02.pdf

One argument against this is that it is not specified by POSIX, and
thus might be dismissed as "implementation dependent".

However, as the paper above demonstrates, even though the setuid
system call is defined by POSIX, it already has system-dependent
behavior. POSIX provides for at least two different behaviors of the
setuid call, and even more if you consider that it leaves what
constitutes "appropriate privileges" up to the OS kernel.

I humbly propose that Python implement all the routines necessary to
securely drop privileges, to enable construction of network daemons
that might need to drop privileges from root to some non-root userid
(e.g. mail transfer agents, or POP/IMAP servers).

Furthermore, where there are multiple system calls to achieve this
effect, it should implement the ones with the clearest semantics, and
setresuid fits that bill. To see what an utter mess the uid-manipulation
routines are in, I refer you once again to this paper, as the situation
is too complicated to describe in this email:

http://www.eecs.berkeley.edu/~daw/papers/setuid-usenix02.pdf

Opinions?

Best,
Travis
--
Obama Nation | My emails do not have attachments; it's a digital signature
that your mail program doesn't understand. | http://www.subspacefield.org/~travis/
If you are a spammer, please email (e-mail address removed) to get blacklisted.

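A sketch of the privilege drop the post asks for, added here as an example and not part of the original message: Python 3.2 and later expose `os.setresuid()`, `os.setresgid()` and the matching `getres*` calls on Unix systems that provide them. The `drop_privileges` helper, the `PrivilegeDropError` class and the use of the `nobody` account are assumptions made for illustration.

```python
import os
import pwd


class PrivilegeDropError(RuntimeError):
    """Raised when the process still holds an ID it should have given up."""


def drop_privileges(uid, gid):
    """Permanently switch to uid/gid and return (resuid, resgid) as verified."""
    was_root = os.geteuid() == 0
    if was_root:
        # Supplementary groups are untouched by setresgid/setresuid, so
        # replace them first, while the process may still call setgroups().
        os.setgroups([gid])
    # Groups before user: once the uid is gone we can no longer change gids.
    os.setresgid(gid, gid, gid)
    # Real, effective and saved uid are all named explicitly, so no saved
    # uid of 0 is left behind for a later seteuid(0) to pick up.
    os.setresuid(uid, uid, uid)

    # Read the result back from the kernel instead of trusting the calls.
    if os.getresuid() != (uid, uid, uid):
        raise PrivilegeDropError("uid drop incomplete: %r" % (os.getresuid(),))
    if os.getresgid() != (gid, gid, gid):
        raise PrivilegeDropError("gid drop incomplete: %r" % (os.getresgid(),))
    if was_root and os.getgroups() != [gid]:
        raise PrivilegeDropError("supplementary groups were not cleared")
    if uid != 0:
        try:
            os.setresuid(0, 0, 0)
        except PermissionError:
            pass  # expected: the drop is irreversible
        else:
            raise PrivilegeDropError("root could be regained after the drop")
    return os.getresuid(), os.getresgid()


if __name__ == "__main__":
    if os.geteuid() == 0:
        target = pwd.getpwnam("nobody")  # assumed unprivileged account
        ids = (target.pw_uid, target.pw_gid)
    else:
        ids = (os.getuid(), os.getgid())  # nothing to drop; exercises the checks
    print(drop_privileges(*ids))
```

A daemon would call this after binding its privileged port and before reading any client input.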