sudo open() ? (python newbie question)

Discussion in 'Python' started by slava@crackpot.org, Jun 14, 2005.

  1. Guest

    hello,

    i am writing a python script that will be run by a non root user
    the script needs to open a file in write mode that is owned by root

    file = open('/etc/apt/sources.list', 'r+')

    returns permission error

    how can i call sudo on open()?

    thanks a lot
    slava
    , Jun 14, 2005
    #1

  2. The script could be SUID Root, and you could use os.setuid immediately after
    having performed the task to switch to a non-privileged user. May be a big
    security risk, if someone can alter the script, he gains root access to the
    system...

    wrote:

    > hello,
    >
    > i am writing a python script that will be run by a non root user
    > the script needs to open a file in write mode that is owned by root
    >
    > file = open('/etc/apt/sources.list', 'r+')
    >
    > returns permission error
    >
    > how can i call sudo on open()?
    >
    > thanks a lot
    > slava
    Denis WERNERT, Jun 14, 2005
    #2

  3. Dan Sommers Guest

    On Tue, 14 Jun 2005 11:52:13 +0200,
    Denis WERNERT <> wrote:

    > The script could be SUID Root, and you could use os.setuid immediately
    > after having performed the task to switch to a non-privileged
    > user. May be a big security risk, if someone can alter the script, he
    > gains root access to the system...


    I am *not* advocating suid scripts, and *ESPECIALLY NOT* suid Python
    programs, but if a user can modify an unwriteable suid script owned by
    root in an unwriteable directory, then they already have root access
    to the system (unless there's a kernel or filesystem bug, in which case
    all bets are off anyway).

    Regards,
    Dan

    --
    Dan Sommers
    <http://www.tombstonezero.net/dan/>
    Dan Sommers, Jun 14, 2005
    #3
  4. On 14 Jun 2005 08:12:17 -0400, rumours say that Dan Sommers
    <> might have written:

    >On Tue, 14 Jun 2005 11:52:13 +0200,
    >Denis WERNERT <> wrote:
    >
    >> The script could be SUID Root, and you could use os.setuid immediately
    >> after having performed the task to switch to a non-privileged
    >> user. May be a big security risk, if someone can alter the script, he
    >> gains root access to the system...


    >I am *not* advocating suid scripts, and *ESPECIALLY NOT* suid Python
    >programs, but if a user can modify an unwriteable suid script owned by
    >root in an unwriteable directory, then they already have root access
    >to the system (unless there's a kernel or filesystem bug, in which case
    >all bets are off anyway).


    I believe that the suid bit on scripts (either *sh or python) is
    completely ignored on most *nix systems.

    Try this in a shell (bash or ksh) as a sudo-capable user:

    echo hello >/tmp/tmp
    sudo chown root /tmp/tmp
    sudo chmod 600 /tmp/tmp
    cat >/tmp/ax.py <<@
    #!/usr/bin/env python
    x = open("/tmp/tmp", "w")
    x.write("there")
    x.close()
    @
    sudo chown root /tmp/ax.py
    sudo chmod a=rx,u+s /tmp/ax.py
    ls -l /tmp/ax.py /tmp/tmp
    /tmp/ax.py

    I get:

    -r-sr-xr-x 1 root users 75 2005-06-14 16:15 /tmp/ax.py
    -rw------- 1 root users 6 2005-06-14 16:15 /tmp/tmp
    Traceback (most recent call last):
      File "/tmp/ax.py", line 2, in ?
        x = open("/tmp/tmp", "w")
    IOError: [Errno 13] Permission denied: '/tmp/tmp'

    --
    TZOTZIOY, I speak England very best.
    "Be strict when sending and tolerant when receiving." (from RFC1958)
    I really should keep that in mind when talking with people, actually...
    Christos TZOTZIOY Georgiou, Jun 14, 2005
    #4
  5. Dan Sommers Guest

    On Tue, 14 Jun 2005 16:18:19 +0300,
    Christos "TZOTZIOY" Georgiou <> wrote:

    > I believe that the suid bit on scripts (either *sh or python) is
    > completely ignored on most *nix systems.


    Most *modern* systems, yes. ;-)

    I must be getting old. :-(

    Regards,
    Dan

    --
    Dan Sommers
    <http://www.tombstonezero.net/dan/>
    Dan Sommers, Jun 14, 2005
    #5
  6. On Tue, 14 Jun 2005 02:21:48 -0700, declaimed the
    following in comp.lang.python:

    > hello,
    >
    > i am writing a python script that will be run by a non root user
    > the script needs to open a file in write mode that is owned by root
    >
    > file = open('/etc/apt/sources.list', 'r+')
    >
    > returns permission error
    >
    > how can i call sudo on open()?
    >


    Don't think you can -- you'd have to invoke the /script/ using
    sudo, I believe (haven't done this in quite some time; the only thing I
    ran sudo on my Linux install was leafnode functions).

    --
    > ============================================================== <
    > | Wulfraed Dennis Lee Bieber KD6MOG <
    > | Bestiaria Support Staff <
    > ============================================================== <
    > Home Page: <http://www.dm.net/~wulfraed/> <
    > Overflow Page: <http://wlfraed.home.netcom.com/> <
    Dennis Lee Bieber, Jun 14, 2005
    #6
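
The approach the replies converge on (no setuid script, run the privileged step through sudo), as an added example that is not code from any poster in this thread: the script re-runs itself under sudo only for the write, and the root half accepts no path from the caller. The `--write` flag, the helper names and the appended sample line are assumptions made for the illustration.

```python
#!/usr/bin/env python3
import os
import subprocess
import sys
import tempfile

TARGET = "/etc/apt/sources.list"      # file from the original question
ALLOWED = {TARGET}                    # the root half writes nothing else

def sudo_command(script):
    """Command line for the privileged half; absolute paths so a sudoers
    rule (an assumption, not shown in the thread) can pin it exactly."""
    return ["sudo", "--", sys.executable, os.path.abspath(script), "--write"]

def check_target(path):
    """Reject anything but the allowlisted file, and refuse symlinks."""
    if path not in ALLOWED or os.path.islink(path):
        raise PermissionError("refusing to write %r" % path)
    return path

def atomic_write(path, text, mode=0o644):
    """Write text to a temp file beside path, then rename it into place."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path), prefix=".new-")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
            fh.flush()
            os.fsync(fh.fileno())
        os.chmod(tmp, mode)           # mkstemp creates the file as 0600
        os.replace(tmp, path)         # readers never see a half-written file
    finally:
        if os.path.exists(tmp):       # only true if something failed
            os.unlink(tmp)

def main(argv):
    if argv[1:] == ["--write"]:       # privileged half, started by sudo
        if os.geteuid() != 0:
            sys.exit("run this step through sudo")
        atomic_write(check_target(TARGET), sys.stdin.read())
        return 0
    # Unprivileged half: everything else runs as the invoking user.
    with open(TARGET) as fh:          # reading needs no root
        text = fh.read()
    text += "# constructed sample line added by the example\n"
    subprocess.run(sudo_command(argv[0]), input=text, text=True, check=True)
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The script file itself has to be owned by root and not writable by the invoking user, otherwise a sudo rule for it carries the risk raised in reply #2.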