[Python-Dev] __pycache__ creation

Greg Ewing greg.ewing at canterbury.ac.nz
Tue Mar 23 22:48:51 CET 2010

Antoine Pitrou wrote:

> Well, if I can create a setuid apache shell, I can probably su as root or apache
> as well.
> ("su -c rm -r whatever")
> Or are you talking about a Web-based shell?

I'm just saying that if there is any way of running code of
your choice as the apache user, you can get it to make a
copy of /bin/sh and suid it.

Of course, if you have permission to su apache, then this
is not necessary. But then you wouldn't have to go through
web server contortions to fix apache-generated botchups


More information about the Python-Dev mailing list