Re: suid Python script

Discussion in 'Python' started by Jeff Epler, Aug 24, 2003.

  1. Jeff Epler

    Jeff Epler Guest

    You need to sanitize the environment, there's no question about that.
    For instance, if you allow the user's value of PYTHONPATH to exist in
    the setuid script, then the user can load an arbitrary module instead of
    any of the builtin python modules.

    Note that the Python source distribution has something called
    Misc/setuid-prog.c. It seems to deal with the PYTHON* environment
    variables.

    Jeff
     
    Jeff Epler, Aug 24, 2003
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. rustom

    suid/sudo in python

    rustom, Mar 30, 2009, in forum: Python
    Replies:
    0
    Views:
    344
    rustom
    Mar 30, 2009
  2. Rustom Mody

    Re. suid/sudo in python

    Rustom Mody, Mar 30, 2009, in forum: Python
    Replies:
    3
    Views:
    1,716
    rustom
    Mar 31, 2009
  3. Replies:
    3
    Views:
    798
    Markus Wichmann
    Jan 15, 2012
  4. suid-perl deprecated... why?

    , Dec 1, 2004, in forum: Perl Misc
    Replies:
    4
    Views:
    447
  5. SUID script??

    , Nov 7, 2006, in forum: Perl Misc
    Replies:
    1
    Views:
    141
    Gunnar Hjalmarsson
    Nov 7, 2006
Loading...

Share This Page