sudo open() ? (python newbee question)

Dan Sommers me at privacy.net
Tue Jun 14 14:12:17 CEST 2005


On Tue, 14 Jun 2005 11:52:13 +0200,
Denis WERNERT <penguin_archer at yahoo.com> wrote:

> The script could be SUID Root, and you could use os.setuid immediately
> after having performed the task to switch to a non-priviledged
> user. May be a big security risk, if someone can alter the script, he
> gains root access to the system...

I am *not* advocating suid scripts, and *ESPECIALLY NOT* suid Python
programs, but if a user can modify an unwriteable suid script owned by
root in a an unwriteable directory, then they already have root access
to the system (unless there's' a kernel or filesystem bug, in which case
all bets are off anyway).

Regards,
Dan

-- 
Dan Sommers
<http://www.tombstonezero.net/dan/>



More information about the Python-list mailing list