Python prog needs root -how to do this securely

Andrew McNamara andrewm at object-craft.com.au
Mon Aug 25 03:57:32 CEST 2003


>I have a Python program which runs as user 'www' (it's a CGI).
>It needs root privilege to write a particular file.
>What's the best way of doing this while remaining secure?
>
>Right now I do os.system("sudo myutil parms") and pass the parms to it.
>I remove : < > & | from the parm string before passing it.
>Is there a way to do this without making a system call?

What you are talking about is "setuid" - it's best avoided unless you
are an expert (and even they get caught out - there are many gotchya -
use google if you care). You generally can't make scripts setuid.

It's generally considered a good idea to have the minimum amount of
code possible running with elevated priviledges - rather than making
the entire application priviledged, you might have it ask a priviledged
daemon to do the work instead.

With security, you always err on the side of caution - in your message
above, rather than removing some characters you know to be harmful,
you would only allow requests containing characters you know to be safe
and necessary in your context (don't guess). Often you find A-Z, a-z,
0-9 are the only characters you *really* need.

Your context is a particularly hard problem to solve - if you aren't very
very careful, you will allow anyone who compromises your web server (or a
script running under the web server) to then compromise root. If you go
the "root helper" approach, the helper needs to be completely paranoid
about what it accepts (never trust what it's told by a user).

-- 
Andrew McNamara, Senior Developer, Object Craft
http://www.object-craft.com.au/





More information about the Python-list mailing list