proposal: add setresuid() system call to python

Mahmoud Abdelkader mabdelkader at gmail.com
Fri Jul 17 16:15:00 EDT 2009


Why don't you write a python extension module? This is a perfect opportunity
for that.

--
mahmoud mack abdelkader
http://blog.mahmoudimus.com/



On Fri, Jul 17, 2009 at 4:01 PM, <travis+ml-python at subspacefield.org> wrote:

> Hello,
>
> Historically, I have used scripting languages like python for typical
> uses, but they tend to not fare very well at system programming; for
> close interfacing with the operating system, I'm often forced to use a
> language like C.  This is undesirable to me.
>
> I do not think this has to be the case; I see no reason why a
> scripting language can't implement more of the system call API, at the
> risk of having some OS-dependent modules.  I would actually like to
> see more network servers written in scripting languages, as they
> neatly avoid buffer overflow and integer overflow issues with no extra
> effort.
>
> One BIG roadblock to doing this is when they can't manage to drop
> permissions properly.
>
> I am suggesting that the setresuid function be added to python,
> perhaps in the OS module, because it has the clearest semantics for
> manipulating user ids.  The reason why is best described in the
> following paper:
>
> http://www.eecs.berkeley.edu/~daw/papers/setuid-usenix02.pdf
>
> One argument against this is that it is not specified by POSIX, and
> thus might be dismissed as "implementation dependent".
>
> However, as the paper above demonstrates, even though the setuid
> system call is defined by POSIX, it already has system-dependent
> behavior.  POSIX provides for at least two different behaviors of the
> setuid call, and even more if you consider that it leaves what
> constitutes "appropriate privileges" up to the OS kernel.
>
> I humbly propose that python implement all the routines necessary to
> securely drop privileges, to enable construction of network daemons
> that might need to drop privileges from root to some non-root userid
> (e.g. mail transfer agents, or POP/IMAP servers).
>
> Furthermore, where there are multiple system calls to achieve this
> effect, it should implement the ones with the clearest semantics, and
> setresuid fits that bill.  To see what an utter mess the uid-manipulation
> routines are in, I refer you once again to this paper, as the situation
> is too complicated to describe in this email:
>
> http://www.eecs.berkeley.edu/~daw/papers/setuid-usenix02.pdf
>
> Opinions?
>
> Best,
> Travis
> --
> Obama Nation | My emails do not have attachments; it's a digital signature
> that your mail program doesn't understand. |
> http://www.subspacefield.org/~travis/
> If you are a spammer, please email john at subspacefield.org to get
> blacklisted.
>
> --
> http://mail.python.org/mailman/listinfo/python-list
>
>
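
The permanent root-to-unprivileged drop discussed in this thread, as an added example that is not part of either message: it uses os.setgroups, os.setresgid, os.setresuid and the matching getters, which Python's os module provides on Unix platforms that have these calls. The names drop_privileges, fully_dropped and the osmod parameter are hypothetical, and the ids in the demo are constructed sample values.

```python
import os

def fully_dropped(res_uids, res_gids, groups, uid, gid):
    """True only if real, effective and saved IDs all equal the target
    and no supplementary group other than gid remains."""
    return (tuple(res_uids) == (uid, uid, uid)
            and tuple(res_gids) == (gid, gid, gid)
            and set(groups) <= {gid})

def drop_privileges(uid, gid, osmod=os):
    """Permanently switch from root to uid/gid, then verify the result.

    osmod is a hypothetical injection point (defaults to the real os
    module) so the call sequence can be exercised without being root.
    """
    if uid == 0:
        raise ValueError("target uid must be non-root")
    # Order matters: changing supplementary groups and gids needs
    # privilege, so do both while the effective uid is still 0.
    osmod.setgroups([gid])
    osmod.setresgid(gid, gid, gid)
    # Setting real, effective AND saved uid leaves no id to switch back to.
    osmod.setresuid(uid, uid, uid)
    if not fully_dropped(osmod.getresuid(), osmod.getresgid(),
                         osmod.getgroups(), uid, gid):
        raise RuntimeError("privilege drop incomplete")
    # Fail closed: an attempt to regain root must be refused by the kernel.
    try:
        osmod.setresuid(0, 0, 0)
    except PermissionError:
        return True
    raise RuntimeError("root privileges could be regained")

if __name__ == "__main__":
    # 65534 is a constructed sample id (commonly "nobody"); run as root.
    drop_privileges(65534, 65534)
    print(os.getresuid(), os.getresgid(), os.getgroups())
```

Checking all three ids after the call is what catches a saved uid left at 0, the case that lets a compromised daemon switch back to root.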