Linux SUID

Gerhard Häring gh at ghaering.de
Fri Apr 25 11:19:14 EDT 2003


Helmut Jarausch wrote:
> Hi,
> up to now my favourite scripting language is (was?) Perl.
> There one can turn on the SUID-exec permission bit which
> is honoured by Perl.
> In this situation Perl enters a special "taint" mode where
> anything from the outside world like the environment or anything
> read in is tainted. If one tries to use a tainted variable in
> a critical operation like 'exec' or 'open' Perl refuses to do so.
> So this mechanism is safer than writing an SUID program in C/C++.
> 
> Is there something similar in Python?

Short answer: No.

There's a demo suid wrapper in the source distribution that you could 
use to get a suidperl equivalent at all. To minimize security risks, you 
can then perhaps divide your program into two processes, a suid one and 
one running with default privileges. These could communicate via a Unix 
domain socket or via pipes.

As far as I know that's how systems like Postfix work.

-- Gerhard
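
The two-process split suggested in the reply, sketched as an added example (not code from the original post or from the Python source distribution): the parent keeps its privileges and answers only allowlisted requests, while a forked worker drops privileges and talks to it over a Unix domain socket. The names `handle_request`, `drop_privileges`, `run`, `drop_to` and the allowlist layout are assumptions made for this illustration.

```python
import json
import os
import socket

MAX_LINE = 4096  # upper bound on one newline-framed message

def handle_request(raw, allowed):
    """Privileged side: treat every request from the worker as hostile input."""
    try:
        path = allowed[json.loads(raw)["name"]]  # fixed allowlist, never a client path
    except (ValueError, KeyError, TypeError):
        return {"ok": False}
    with open(path, "r", errors="replace") as f:
        return {"ok": True, "data": f.read(256)}

def drop_privileges(uid, gid):
    """Permanently give up root: supplementary groups, then gid, then uid."""
    os.setgroups([])
    os.setgid(gid)
    os.setuid(uid)

def run(allowed, names, drop_to=None):
    """Fork a worker that asks for `names`; return the replies the parent served."""
    parent_sock, child_sock = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    pid = os.fork()
    if pid == 0:  # worker: faces the outside world, holds no privileges
        try:
            parent_sock.close()
            if drop_to is not None:  # (uid, gid) when started setuid root
                drop_privileges(*drop_to)
            replies = child_sock.makefile("rb")
            for name in names:
                child_sock.sendall(json.dumps({"name": name}).encode() + b"\n")
                replies.readline(MAX_LINE)  # a real worker would act on this reply
        finally:
            os._exit(0)  # never fall back into the caller's code
    child_sock.close()  # otherwise the parent never sees EOF from the worker
    served = []
    requests = parent_sock.makefile("rb")
    for line in iter(lambda: requests.readline(MAX_LINE), b""):
        reply = handle_request(line, allowed)
        served.append(reply)
        parent_sock.sendall(json.dumps(reply).encode() + b"\n")
    os.waitpid(pid, 0)
    return served
```

The privileged side never opens a path supplied by the worker; it only maps a request name to a path it already trusts, so a compromised worker gains nothing beyond the allowlisted operations.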




