no setuid for CGI scripts?
andreas at mtg.co.at
Mon Nov 5 15:40:19 CET 2001
-----BEGIN PGP SIGNED MESSAGE-----
Am Montag, 5. November 2001 12:48 schrieb pawn:
> I'm trying to convert a few simple CGI scripts from Perl to Python,
> and was shocked to learn that the Python interpreter silently ignores
> the setuid bit.
Thats not a problem of python, it's a general problem with setuid scripts.
Perl supports this by having a special version that does all the setuid stuff
itself. It's the OS that forbids setuid/setgid operation of scripts, as it is
basically unsafe. How perl solves the inherent race condition I'm not sure.
Actually, SuSE at least leaves the suid bit off by default on
/usr/bin/suidperl. So I'm not the only paranoid on this planet. ;)
> I really don't know how to get around this. Since the server is hosted
> remotely I can't recompile python to allow setuid, and I can't make my
> files world read/writable - I need my python CGIs to run with MY uid.
Well, then your hosting provider is setup in a wrongway: They should setup
> I read somewhere about using a wrapper C program but it seems really
> convoluted, as well as requiring a different wrapper for each CGI.
Not necessarily: It could process the argv argument, check it against a
list of "allowed" scripts and execute the right one.
Andreas Kostyrka; Raiffeisenstr. 16/9; 2320 Zwölfaxing
Tel: +43/676/4091256; Fax: +43/1/7065299
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----
More information about the Python-list