no setuid for CGI scripts?

Barry A. Warsaw barry at zope.com
Tue Nov 6 07:18:02 CET 2001


Others have posted their wrapper solutions, so I'll just quickly
mention mine.  Mailman has a C wrapper for both CGI and mail
programs.  It's about 3 C files and a single header file that are used
to compile a dozen binary executables using C preprocessor tricks.
Works like a charm and should be very portable.

Mailman works via setgid scripts, and the allowable group-ownership of
the process is compiled in.  But it is very careful about the
environment variables it allows in, and will only exec a compiled in
Python executable (i.e. not one found on $PATH).

It also tries to produce useful error messages in the case of
failures.  If your program is compatible with the GPL, you're welcome
to use it and adapt it to your needs.

-Barry



More information about the Python-list mailing list