Securing the Pyton Interpreter?

Steven Taschuk staschuk at
Wed Jul 16 10:49:25 CEST 2003

Quoth Mel Wilson:
> seem to recall there are complications with suid on scripts
> .. though I don't recall what they are.

A simple example:  Let the file insecure_script contain
    grep 'f.*bar' $*
This script must not be made setuid-root.  Consider:
    $ cat >grep
    cp /etc/shadow . && chmod 0666 ./shadow
    $ chmod +x ./grep
    $ export PATH=.:$PATH
    $ insecure_script

You could deal with this particular problem by using absolute path
names for everything in the script, and/or by setting $PATH in the
script itself.  But there are other holes of this type, and, since
shells are complicated beasts, it is very hard to be certain that
a script has no exploitable dependencies on matters which are
under the user's control.

Steven Taschuk                            staschuk at
"Our analysis begins with two outrageous benchmarks."
  -- "Implementation strategies for continuations", Clinger et al.

More information about the Python-list mailing list