Running Python Scripts With 'sudo'

Tim Daneliuk

Given that setuid is a Bad Thing for scripts, what is the general consensus
here on running a Python script via 'sudo' to give it root system access?
Is this reasonably secure, or am I still asking for trouble?

TIA,
 
Steve Holden

Tim said:
Given that setuid is a Bad Thing for scripts, what is the general consensus
here on running a Python script via 'sudo' to give it root system access?
Is this reasonably secure, or am I still asking for trouble?

TIA,

The value of "sudo" is that everyone must authenticate as themselves,
and sudo logs all activity. Therefore the system administrators can
partition responsibility and know from the logs exactly who did what.

The risks involved with setuid scripts involve the exploitation of race
conditions within the kernel, IIRC, and since the root permissions are
established by sudo for the invoking process, I believe sudo would
eliminate the risks involved (because the setuid bit would no longer be
used on the script).

regards
Steve
 
Jeff Epler

Does "sudo" sanitize the environment? Imagine that the user can set
PYTHONPATH, PYTHONINSPECT, etc.

Beyond that, you have the same problems as with any code that runs with
"extra privileges". Can the user supply any code that is fed to
patently unsafe primitives (like the unpickler, eval() or the exec
statement)? If your program opens files with user-controlled names, did
you make all the right checks?

Jeff
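
The two concerns in the post above, as an added example that is not part of the original thread: a start-up check for inherited interpreter variables, and an opener for user-supplied file names. The function names, the variable list beyond PYTHONPATH and PYTHONINSPECT, and the root-owned `base_dir` are assumptions of this example.

```python
import os
import stat
import sys

# PYTHONPATH and PYTHONINSPECT are the variables named in the thread; the others
# are further CPython variables that redirect imports or start-up (the list is
# an assumption of this example and is not exhaustive).
RISKY_VARS = ("PYTHONPATH", "PYTHONINSPECT", "PYTHONSTARTUP",
              "PYTHONHOME", "PYTHONUSERBASE")


def inherited_risky_vars(environ):
    """Names of interpreter-control variables present in the environment."""
    return sorted(name for name in RISKY_VARS if name in environ)


def environment_is_trustworthy(environ, flags=sys.flags):
    """True if Python ignored PYTHON* variables (-E or -I) or none were passed."""
    return bool(flags.ignore_environment) or not inherited_risky_vars(environ)


def open_under(base_dir, user_name):
    """Open a user-supplied name read-only, refusing anything outside base_dir.

    Assumes base_dir is root-owned and not writable by the invoking user.
    """
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_name))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"{user_name!r} resolves outside {base}")
    # O_NOFOLLOW: fail if the final component became a symlink after the check.
    fd = os.open(target, os.O_RDONLY | os.O_NOFOLLOW)
    if not stat.S_ISREG(os.fstat(fd).st_mode):
        os.close(fd)
        raise PermissionError(f"{user_name!r} is not a regular file")
    return os.fdopen(fd, "rb")


if __name__ == "__main__":
    if not environment_is_trustworthy(os.environ):
        sys.exit("refusing to run: " + ", ".join(inherited_risky_vars(os.environ)))
```

The start-up check runs after the interpreter has already processed its environment, so it is a backstop only; the variables are actually kept out by starting Python with `-E` or `-I` and by sudo's `env_reset` option.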

 
