[issue6758] implement new setuid-related calls and a standard way to drop all privileges
Travis H.
report at bugs.python.org
Fri Aug 21 20:49:37 CEST 2009
New submission from Travis H. <travis+w-python.org at subspacefield.org>:
It should be easier to write network servers and setuid programs in
python. One of the troublesome issues is that the semantics of the
setuid/getuid-related calls are quite complicated.
There are two papers on this subject that form the background of this
feature request:
http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf
http://www.cs.berkeley.edu/~daw/papers/setuid-login08b.pdf
In general, then, the end goal is a safe (portable, secure) way to drop
privileges either temporarily or permanently.
Wagner et. al. have proposed a decent interface, but it's unclear to me
where it should be implemented.
Furthermore, it makes use of the getresuid/setresuid calls (among many
others), which don't appear from their manpages to be standardized by
POSIX, but are available in most modern Unix OSes. So this leaves me
with two questions; have these functions been standardized, and if not,
where should they be implemented?
I'm willing to do the coding, but need some guidance on where to put the
code.
----------
messages: 91835
nosy: solinym
severity: normal
status: open
title: implement new setuid-related calls and a standard way to drop all privileges
type: feature request
versions: Python 2.7, Python 3.2
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue6758>
_______________________________________
More information about the Python-bugs-list
mailing list