suid Python script

Jeff Epler jepler at unpythonic.net
Sun Aug 24 21:54:17 CEST 2003


You need to sanitize the environment, there's no question about that.
For instance, if you allow the user's value of PYTHONPATH to exist in
the setuid script, then the user can load an arbitrary module instead of
any of the builtin python modules.

Note that the Python source distribution has something called
Misc/setuid-prog.c.  It seems to deal with the PYTHON* environment
variables.

Jeff





More information about the Python-list mailing list