Question about c wrapper for a python cgi project.

Ignacio Vazquez-Abrams ignacio at openservices.net
Tue Sep 4 03:53:48 CEST 2001


On Mon, 3 Sep 2001, Ignacio Vazquez-Abrams wrote:

> On Mon, 3 Sep 2001, Wayne Ringling wrote:
>
> >  I have been researching a way to somehow run a script in a c wrapper as
> > root.  I have created a python script to alter the password and shadow files
> > to add,delete,change users for an online community project my group is
> > working on.  Can someone point me to a reference/how to about how I can do
> > this.  I have created a session persistent cookie/database system to monitor
> > state between pages and login/logout.  I just need a way to run the script
> > as root securely.  Or is that just a pipedream?  I would love to entertain
> > any other ideas on how I can do this.
> >
> > Wayne
>
> You said "run as root" and "securely" in the same sentence relating to CGI.
> You're funny!
>
> There is no way to make it entirely secure, but you can start by getting the
> script that changes the password OUT of any directory directly-accesible by
> the web server. Then make a script that verifies EVERYTHING about the
> information (i.e., minimum uid, length of password, etc.) and then, and _only_
> then, should you call the other script (which has been made suid root, and
> possibly sgid root) to do the changes.

My bad. Setting scripts suid/sgid doesn't matter because it only works on
executables.

Take a look at a little program called sudo which allows execution of any
program as root.

-- 
Ignacio Vazquez-Abrams  <ignacio at openservices.net>





More information about the Python-list mailing list