Secure scripts variables

Discussion in 'Python' started by Florian Lindner, Mar 29, 2005.

  1. Hello,
    given the following situation:

    I have a script which is readable and executable by a user, but not
    writable.
    The users executes the scripts, it reads in a value and based on this value
    it computes a result and stores it in a variable.
    Can the user read out the value of this variable? If yes, can he be
    prevented to do so?

    (It's a ordinary user on a Linux system with access to the python
    interpreter.)

    (Of course: He could just copy the script to a file he has write access and
    modify it to print the result. It's a theoretical situation.)

    Thanks,
    Florian
     
    Florian Lindner, Mar 29, 2005
    #1
    1. Advertising

  2. Florian Lindner

    Serge Orlov Guest

    Florian Lindner wrote:
    > Hello,
    > given the following situation:
    >
    > I have a script which is readable and executable by a user, but not
    > writable.
    > The users executes the scripts, it reads in a value and based on this
    > value it computes a result and stores it in a variable.
    > Can the user read out the value of this variable?


    Yes.

    > If yes, can he be prevented to do so?


    Only if the sensitive part of your script runs under different
    user. See thread about storing passwords in a script:

    http://groups-beta.google.com/group/comp.lang.python/browse_frm/thread/91e4c114c5114e92


    > (It's a ordinary user on a Linux system with access to the python
    > interpreter.)


    If there is a will, there is a way :) I used to run a persistant server
    on Solaris as ordinary user. The trick is to create an entry in crontab
    that will periodically (every 10 minutes) check if your server is
    running, if not, start it up. Note however, after that it's not a good
    idea to keep sensitive files in your home directory (like your tax
    forms or browsing history), because if you make an error in your server
    and it will be hacked, then you risk exposing all your files.


    Serge.
     
    Serge Orlov, Mar 29, 2005
    #2
    1. Advertising

  3. Florian Lindner

    Paul Rubin Guest

    Florian Lindner <> writes:
    > I have a script which is readable and executable by a user, but not
    > writable.
    > The users executes the scripts, it reads in a value and based on this value
    > it computes a result and stores it in a variable.
    > Can the user read out the value of this variable? If yes, can he be
    > prevented to do so?


    I don't really understand the question. The user could, for example,
    run the Python interpreter under a debugger, and examine its internal
    state step by step during execution.

    What you really want is a setuid script. That can do what you want,
    but you have to write them very carefully.
     
    Paul Rubin, Mar 30, 2005
    #3
  4. Paul Rubin wrote:

    > Florian Lindner <> writes:
    >> I have a script which is readable and executable by a user, but not
    >> writable.
    >> The users executes the scripts, it reads in a value and based on this
    >> value it computes a result and stores it in a variable.
    >> Can the user read out the value of this variable? If yes, can he be
    >> prevented to do so?

    >
    > I don't really understand the question. The user could, for example,
    > run the Python interpreter under a debugger, and examine its internal
    > state step by step during execution.
    >
    > What you really want is a setuid script. That can do what you want,
    > but you have to write them very carefully.


    AFAIK scripts can't be setuid? Can you tell me what you mean and how to do
    it?

    Florian
     
    Florian Lindner, Mar 30, 2005
    #4
  5. Florian Lindner

    Paul Rubin Guest

    Florian Lindner <> writes:
    > AFAIK scripts can't be setuid? Can you tell me what you mean and how to do
    > it?


    Actually it looks like Linux doesn't support setuid scripts. I
    thought the feature had been restored. There is a well-known security
    hole but there are workarounds for it and some of the BSD-derived
    Unixes implement those. And there is a special hack for Perl that
    uses an accessory setuid C program to run setuid Perl scripts--maybe
    something like it could be written for Python.

    Anyway, the simple workaround is to write a simple C wrapper that
    invokes the Python interpreter on your script. Make sure to use a
    complete path to specify where your script is. From the "perlsec"
    documentation:

    #define REAL_PATH "/path/to/script"
    main(ac, av)
    char **av;
    {
    execv(REAL_PATH, av);
    }

    Compile this wrapper into a binary executable and then make it rather
    than your script setuid or setgid.

    http://supportweb.cs.bham.ac.uk/documentation/perl5/pod/perlsec.html

    You have to be very careful writing these scripts since there are all
    kinds of errors you can make. Perl's "taint checking" feature helps
    catch a lot of those and it would be good if Python had something
    similar.
     
    Paul Rubin, Mar 31, 2005
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. A.M
    Replies:
    5
    Views:
    5,450
    Teemu Keiski
    Jun 8, 2004
  2. Daniel Malcolm
    Replies:
    0
    Views:
    557
    Daniel Malcolm
    Jan 24, 2005
  3. zdrakec
    Replies:
    1
    Views:
    438
    zdrakec
    Jul 25, 2005
  4. Joe
    Replies:
    5
    Views:
    963
    Steven Cheng[MSFT]
    Dec 13, 2005
  5. verbal kint
    Replies:
    1
    Views:
    552
    Sudsy
    Sep 4, 2004
Loading...

Share This Page