gh at ghaering.de
Fri Apr 25 17:19:14 CEST 2003
Helmut Jarausch wrote:
> up to now my favourite scripting language is (was?) Perl.
> There one can turn on the SUID-exec permission bit which
> is honoured by Perl.
> In this situation Perl enters a special "taint" mode where
> anything from the outside world like the environment or anything
> read in is tainted. If one tries to use a tainted variable in
> a critical operation like 'exec' or 'open' Perl refuses to do so.
> So this mechanism is safer than writing an SUID program in C/C++ .
> Is there something similar in Python?
Short answer: No.
There's a demo suid wrapper in the source distribution that you could
use to get a suidperl equivalent at all. To minimize security risks, you
can then perhaps divide your program into two processes, a suid one and
one running with default privileges. These could communicate via a Unix
domain socket or via pipes.
As far as I know that's how systems like Postfix work.
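The two-process split described in the reply above, as an added example that is not part of the original post or of the Python source distribution: a privileged process validates every request from an unprivileged worker over a Unix domain socket pair. The resource table, the `GET` request format, the function names and the uid/gid 65534 are assumptions made for illustration, and `SOCK_SEQPACKET` on `AF_UNIX` assumes Linux.

```python
import os
import socket

# Constructed stand-in for resources only the privileged process may touch.
PRIVILEGED_DATA = {"quota": "1024", "spool": "/var/spool/demo"}
MAX_REQUEST = 64  # longer requests from the untrusted side are refused


def handle(request: bytes) -> bytes:
    """Privileged side: validate an untrusted request before acting on it."""
    if len(request) > MAX_REQUEST:
        return b"ERR too long"
    try:
        verb, key = request.decode("ascii").split(" ", 1)
    except (UnicodeDecodeError, ValueError):
        return b"ERR malformed"
    if verb != "GET" or key not in PRIVILEGED_DATA:
        return b"ERR denied"
    return b"OK " + PRIVILEGED_DATA[key].encode()


def drop_privileges(uid: int = 65534, gid: int = 65534) -> None:
    """Give up root for good; no-op when not root. 65534 is an assumed 'nobody' id."""
    if os.geteuid() == 0:
        os.setgroups([])
        os.setgid(gid)  # group first: after setuid() it can no longer be changed
        os.setuid(uid)


def run(requests):
    """Fork an unprivileged worker; return the replies the privileged side sent."""
    priv, work = socket.socketpair(socket.AF_UNIX, socket.SOCK_SEQPACKET)
    pid = os.fork()
    if pid == 0:  # worker: handles outside input, holds no privileges
        try:
            priv.close()
            drop_privileges()
            for req in requests:
                work.send(req)
                work.recv(MAX_REQUEST)
        finally:
            os._exit(0)  # never fall back into the parent's code path
    work.close()
    replies = []
    while req := priv.recv(MAX_REQUEST + 1):  # empty read: worker has exited
        replies.append(handle(req))
        priv.send(replies[-1])
    priv.close()
    os.waitpid(pid, 0)
    return replies
```

The privileged side treats every byte from the worker as untrusted, which is the discipline Perl's taint mode enforces automatically and Python leaves to the programmer.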