no setuid for CGI scripts?

Andreas Kostyrka andreas at mtg.co.at
Mon Nov 5 15:40:19 CET 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am Montag, 5. November 2001 12:48 schrieb pawn:
> I'm trying to convert a few simple CGI scripts from Perl to Python,
> and was shocked to learn that the Python interpreter silently ignores
> the setuid bit.
Thats not a problem of python, it's a general problem with setuid scripts.
Perl supports this by having a special version that does all the setuid stuff 
itself. It's the OS that forbids setuid/setgid operation of scripts, as it is 
basically unsafe. How perl solves the inherent race condition I'm not sure.
Actually, SuSE at least leaves the suid bit off by default on 
/usr/bin/suidperl. So I'm not the only paranoid on this planet. ;)

> I really don't know how to get around this. Since the server is hosted
> remotely I can't recompile python to allow setuid, and I can't make my
> files world read/writable - I need my python CGIs to run with MY uid.
Well, then your hosting provider is setup in a wrongway: They should setup 
suexec ;)
>
> I read somewhere about using a wrapper C program but it seems really
> convoluted, as well as requiring a different wrapper for each CGI.
Not necessarily: It could process the argv[0] argument, check it against a 
list of "allowed" scripts and execute the right one.

Andreas
- -- 
Andreas Kostyrka; Raiffeisenstr. 16/9; 2320 Zwölfaxing
Tel: +43/676/4091256; Fax: +43/1/7065299
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE75qTWHJdudm4KnO0RAlNZAKCVRI3hBCsfehUg/EGbHOx3KVt6ZgCgijI0
a02pj3PEUBG5rs4IJwzrh0E=
=/vyE
-----END PGP SIGNATURE-----




More information about the Python-list mailing list