no setuid for CGI scripts?

Andreas Kostyrka andreas at
Mon Nov 5 15:40:19 CET 2001

Hash: SHA1

Am Montag, 5. November 2001 12:48 schrieb pawn:
> I'm trying to convert a few simple CGI scripts from Perl to Python,
> and was shocked to learn that the Python interpreter silently ignores
> the setuid bit.
Thats not a problem of python, it's a general problem with setuid scripts.
Perl supports this by having a special version that does all the setuid stuff 
itself. It's the OS that forbids setuid/setgid operation of scripts, as it is 
basically unsafe. How perl solves the inherent race condition I'm not sure.
Actually, SuSE at least leaves the suid bit off by default on 
/usr/bin/suidperl. So I'm not the only paranoid on this planet. ;)

> I really don't know how to get around this. Since the server is hosted
> remotely I can't recompile python to allow setuid, and I can't make my
> files world read/writable - I need my python CGIs to run with MY uid.
Well, then your hosting provider is setup in a wrongway: They should setup 
suexec ;)
> I read somewhere about using a wrapper C program but it seems really
> convoluted, as well as requiring a different wrapper for each CGI.
Not necessarily: It could process the argv[0] argument, check it against a 
list of "allowed" scripts and execute the right one.

- -- 
Andreas Kostyrka; Raiffeisenstr. 16/9; 2320 Zwölfaxing
Tel: +43/676/4091256; Fax: +43/1/7065299
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see


More information about the Python-list mailing list