suid Python script

Jeff Epler jepler at
Sun Aug 24 21:54:17 CEST 2003

You need to sanitize the environment, there's no question about that.
For instance, if you allow the user's value of PYTHONPATH to exist in
the setuid script, then the user can load an arbitrary module instead of
any of the builtin python modules.

Note that the Python source distribution has something called
Misc/setuid-prog.c.  It seems to deal with the PYTHON* environment


More information about the Python-list mailing list