SuSE Linux, python and setgid
Johannes Stezenbach
yawyi at gmx.de
Mon Jun 26 07:09:40 EDT 2000
Thomas Leonhardt <leonhardt at informatik.tu-darmstadt.de> wrote:
>I have got the problem that I should install a script on our server
>which was written in python. The problem is that the script checks
>wether the group id was set as specified by the file permissions.
>
>But somehow the gid is not set when I execute the script. Is there
>something like suidperl for python or smoethingelse special with
>SuSE linux which causes the gid not beeing set??
set[ug]id scripts are unsafe and for that reason disabled by the
kernel in most UNIXes (reason: race condition between when the
kernel reads the #! line and the the called interpreter reopens
the script for execution; you could exchange the script with
something else in the meantime).
You can use a wrapper like Misc/setuid-prog.c (from the python
source distribution; if you need the single file only you can get
it via the CVSweb interface from www.python.org). REad the
instructions inside setuid-prog.c.
Compile with:
cc -DFULL_PATH='"/full/path/of/script"' setuid-prog.c -o myscriptname
It might still be a security risk to use that. You must trust
setuid-prog.c and Python to have no exploitable security holes
(the same way you would trust Perl and setuidperl...).
Johannes
More information about the Python-list
mailing list