Python SUID

Ben Logan ben at wblogan.net
Sat Jan 12 09:38:24 EST 2002


Hello,

You might want to have a look at sudo.  It has the same effect as
setting the script suid, but is generally considered to be much safer.
Linux (and I assume other unices, but I'm not sure) will not allow a
shell script--and I think that applies to scripts in general--to be
suid because of the huge security risk.

OTOH, I think that you could make your wrapper script work by changing
the user to root inside the C program (I'm probably not saying that
correctly).  I don't know how that's done (I don't know C), but I know
it can be, and is basically what sudo does.

Regards,
Ben

On Sat, Jan 12, 2002 at 01:09:46PM +0000, Florian Fredegar Haftmann wrote:
> Hi!
> 
> I wanna make a python script run suid (for root); I tried to use a C 
> wrapper:
> 
> ------------------------------
> #define PATH "backup2disk.py"
> 
> int main(argc, argv)
> 	int	argc;
> 	char**	argv;
> {
> 	execv(PATH, argv);
> }
> ------------------------------
> 
> The files have the signature:
> 
> -rwsr-xr-x root	root	backup2disk	(the compiled wrapper)
> -rwxr-xr-x rppt	root	backup2disk.py	(the python script)
> 
> 
> I can start the binary backup2disk, but the python script doesn't run suid.
> 
> What's wrong?
> 
> Thanks,
> FFH
> 
> -- 
> http://mail.python.org/mailman/listinfo/python-list
> 

-- 
Ben Logan: ben at wblogan dot net
OpenPGP Key KeyID: A1ADD1F0

Yinkel, n.:
	A person who combs his hair over his bald spot, hoping no one
	will notice.
		-- Rich Hall, "Sniglets"




More information about the Python-list mailing list