Securing the Pyton Interpreter?
staschuk at telusplanet.net
Wed Jul 16 10:49:25 CEST 2003
Quoth Mel Wilson:
> seem to recall there are complications with suid on scripts
> .. though I don't recall what they are.
A simple example: Let the file insecure_script contain
grep 'f.*bar' $*
This script must not be made setuid-root. Consider:
$ cat >grep
cp /etc/shadow . && chmod 0666 ./shadow
$ chmod +x ./grep
$ export PATH=.:$PATH
You could deal with this particular problem by using absolute path
names for everything in the script, and/or by setting $PATH in the
script itself. But there are other holes of this type, and, since
shells are complicated beasts, it is very hard to be certain that
a script has no exploitable dependencies on matters which are
under the user's control.
Steven Taschuk staschuk at telusplanet.net
"Our analysis begins with two outrageous benchmarks."
-- "Implementation strategies for continuations", Clinger et al.
More information about the Python-list