urllib/ftpwrapper

Johannes Stezenbach yawyi at gmx.de
Thu May 25 11:06:24 EDT 2000


Michael Ströder <michael at stroeder.com> wrote:
>In one of my projects I'm using the SocketServer.ThreadingMixIn to
>drive a multi-threaded HTTP server. For binding to a privileged port
>my naive approach was to do all the initialization stuff as root and
>do a setuid(wwwrun) just before calling method serve_forever() of
>the server class. Works just fine.
>
>Does anybody see any security problems with that approach?

You may also want to call setgid() before setuid().
The general rule is to do as little work as possible using
root privileges and drop them ASAP (least privilege principle).
So "all the initialization stuff as root" may not be the ideal
strategy, but as long as you drop root privileges before you
start to process data from the network it may be OK (unless
unprivileged users can start your server via a setuid wrapper,
where they might try to hack root by feeding it invalid
configuration files or command line options).

For more info read the "Secure UNIX Programming FAQ" at
http://www.whitefang.com/sup/ (also posted bi-weekly to
comp.security.unix).

Johannes
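
The order of calls discussed in this thread, as an added example that is not part of the original messages: bind the privileged port as root, replace the group ids first, then call setuid() and confirm that root cannot be regained. `wwwrun` is the account named in the quoted post; `drop_privileges`, `PrivilegeDropError` and the `osmod`/`lookup` parameters are hypothetical names, and the modern `http.server` module stands in for the `SocketServer` classes the post mentions.

```python
import os
import pwd


class PrivilegeDropError(RuntimeError):
    """Raised when the process could not be moved off root safely."""


def drop_privileges(username, osmod=os, lookup=pwd.getpwnam):
    """Permanently switch from root to `username`; return (uid, gid)."""
    if osmod.getuid() != 0:
        raise PrivilegeDropError("not running as root, nothing to drop")
    entry = lookup(username)
    uid, gid = entry.pw_uid, entry.pw_gid
    if uid == 0:
        raise PrivilegeDropError("target account is root")
    # Group changes need root, so they must come before setuid().
    osmod.initgroups(username, gid)  # replace root's supplementary groups
    osmod.setgid(gid)
    osmod.setuid(uid)  # as root this sets the real, effective and saved uid
    # Confirm the drop is irreversible before any network data is read.
    try:
        osmod.setuid(0)
    except OSError:
        pass
    else:
        raise PrivilegeDropError("root privileges could be regained")
    ids = (osmod.getuid(), osmod.geteuid(), osmod.getgid(), osmod.getegid())
    if ids != (uid, uid, gid, gid):
        raise PrivilegeDropError("ids do not match the target account")
    return uid, gid


if __name__ == "__main__":
    # Only the bind needs root; the handler here is a placeholder.
    from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
    server = ThreadingHTTPServer(("", 80), BaseHTTPRequestHandler)
    drop_privileges("wwwrun")
    server.serve_forever()
```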



