suid Python script
Jeff Epler
jepler at unpythonic.net
Sun Aug 24 15:54:17 EDT 2003
You need to sanitize the environment, there's no question about that.
For instance, if you allow the user's value of PYTHONPATH to exist in
the setuid script, then the user can load an arbitrary module instead of
any of the builtin Python modules.
Note that the Python source distribution has something called
Misc/setuid-prog.c. It seems to deal with the PYTHON* environment
variables.
Jeff
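
One way to do the environment sanitizing described above, as an added example that is not part of the original post and is not the code in Misc/setuid-prog.c: a small C wrapper that passes on only an allowlist of variables plus a fixed PATH, then execs the interpreter. The interpreter path, script path, allowlist and the name build_clean_env are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
extern char **environ;

/* Assumed paths for illustration; adjust for the real install. */
#define INTERPRETER "/usr/bin/python3"
#define SCRIPT      "/usr/local/libexec/example-tool.py"
#define MAX_ENV     16

/* Variables allowed through to the privileged script. Everything else,
 * including PYTHONPATH, PYTHONHOME, PYTHONSTARTUP and LD_*, is dropped. */
static const char *const allowed[] = { "TERM", "LANG", "TZ", NULL };

static int is_allowed(const char *entry)
{
    for (size_t i = 0; allowed[i] != NULL; i++) {
        size_t n = strlen(allowed[i]);
        /* Require NAME= exactly, so TERMINFO does not match TERM. */
        if (strncmp(entry, allowed[i], n) == 0 && entry[n] == '=')
            return 1;
    }
    return 0;
}

/* Build a clean environment in out[] (capacity max, counting the NULL
 * terminator). Returns the entry count, or -1 if out[] is too small. */
int build_clean_env(char *const in[], char *out[], size_t max)
{
    size_t n = 0;
    if (max < 2) return -1;
    out[n++] = (char *)"PATH=/usr/bin:/bin";  /* fixed, never the caller's */
    for (size_t i = 0; in != NULL && in[i] != NULL; i++) {
        if (!is_allowed(in[i])) continue;
        if (n + 1 >= max) return -1;          /* fail closed on overflow */
        out[n++] = in[i];
    }
    out[n] = NULL;
    return (int)n;
}

int main(void)
{
    char *clean[MAX_ENV];
    /* -E also tells the interpreter to ignore PYTHON* variables. */
    char *args[] = { INTERPRETER, "-E", SCRIPT, NULL };
    if (build_clean_env(environ, clean, MAX_ENV) < 0) return 1;
    execve(INTERPRETER, args, clean);
    perror("execve");                         /* reached only on failure */
    return 1;
}
```

The filtering has to happen in a compiled wrapper like this, before the interpreter starts, because Python reads PYTHONPATH during startup, before any line of the script runs.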