[Python-Dev] Pondering some changes to python.c...

Andrew Koenig ark@research.att.com
07 Apr 2002 10:07:03 -0400

Sean> It would seem that if you were to unset LD_LIBRARY_PATH and
Sean> PYTHONPATH (I'm probably missing something), and then pick up
Sean> the privileges specified in argv[1], that you could safely do
Sean> SUID Python.  Some folks I've mentioned it to seem to think it's
Sean> just a bad idea to have an SUID python, but I think it's better
Sean> to solve the problems once than have people re-inventing the
Sean> wheel badly...

You might want to be careful about LD_LIBRARY_PATH -- if the executable
is built for dynamic linking, and it needs a library that's not in
/usr/lib, mightn't changing LD_LIBRARY_PATH cause it to fail?

Andrew Koenig, ark@research.att.com, http://www.research.att.com/info/ark
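
Added example, not part of the original message or of python.c: one way a setuid wrapper could scrub its environment as proposed in the quoted text, while handling the concern above by pinning LD_LIBRARY_PATH to an administrator-chosen directory instead of leaving it unset. The function names, the widening to all LD_* and PYTHON* variables, and the /opt/python/lib path are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Prefixes dropped before the privileged interpreter starts. The thread names
 * LD_LIBRARY_PATH and PYTHONPATH; covering all LD_* and PYTHON* is assumed. */
static const char *const DROP_PREFIXES[] = { "LD_", "PYTHON" };

static int is_dropped(const char *entry)
{
    size_t i;
    for (i = 0; i < sizeof DROP_PREFIXES / sizeof DROP_PREFIXES[0]; i++)
        if (strncmp(entry, DROP_PREFIXES[i], strlen(DROP_PREFIXES[i])) == 0)
            return 1;
    return 0;
}

/* Copy NULL-terminated `in` to `out` (room for `cap` pointers, terminator
 * included), skipping dropped entries. A non-NULL `pinned_libpath` must be a
 * full "LD_LIBRARY_PATH=..." string fixed by the administrator; it is appended
 * so an interpreter whose libraries live outside /usr/lib can still load.
 * Returns the number of entries written, or -1 if `out` is too small. */
int scrub_env(char *const in[], const char *out[], size_t cap,
              const char *pinned_libpath)
{
    size_t n = 0, i;
    if (cap == 0) return -1;
    for (i = 0; in[i] != NULL; i++) {
        if (is_dropped(in[i])) continue;
        if (n + 1 >= cap) return -1;   /* keep one slot for the terminator */
        out[n++] = in[i];
    }
    if (pinned_libpath != NULL) {
        if (n + 1 >= cap) return -1;
        out[n++] = pinned_libpath;
    }
    out[n] = NULL;
    return (int)n;
}

int main(void)
{
    /* Constructed sample environment, not taken from a real system. */
    char *env[] = { "PATH=/usr/bin", "LD_LIBRARY_PATH=/tmp/x",
                    "PYTHONPATH=/tmp/y", "HOME=/home/u", NULL };
    const char *out[8];
    int i, n = scrub_env(env, out, 8, "LD_LIBRARY_PATH=/opt/python/lib");
    for (i = 0; i < n; i++) puts(out[i]);
    return n < 0;
}
```

The resulting array is meant to be passed as the envp argument of execve() when the wrapper starts the interpreter.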