suid Python script
jepler at unpythonic.net
Sun Aug 24 21:54:17 CEST 2003
You need to sanitize the environment, there's no question about that.
For instance, if you allow the user's value of PYTHONPATH to exist in
the setuid script, then the user can load an arbitrary module instead of
any of the builtin python modules.
Note that the Python source distribution has something called
Misc/setuid-prog.c. It seems to deal with the PYTHON* environment
More information about the Python-list