Re. suid/sudo in python

andrew cooke andrew at acooke.org
Mon Mar 30 13:47:57 CEST 2009


Rustom Mody wrote:
> Ben Finney wrote
>> The key thing to realise is that, having relinquished privilege, the
>> same process can't get it back again as easily. So if you need to
>> do some tasks as a privileged user, do those *very* early and then drop
>> the privileges for the rest of the life of the process.
>>
>> Taking this further, you should isolate exactly what tasks need root
>> privilege into a separate process altogether, and make
>> that process as well-tested and simple as possible: it should do nothing
>> *but* those tasks for which it needs root privilege.
>
> I don't think this would be easy or convenient (if at all possible) in my
> case.
>
> I am trying to write a tiny web based application that will give an
> overall picture of LVM, Volume groups, Raid, SCSI and the underlying
> disk partitions. The administrative tools dealing with low level
> storage stack (e.g. fdisk, pvcreate, vgcreate, lvcreate, mdadm etc.)
> need to be run as root.

i think you should isolate exactly what tasks need root privilege into a
separate process altogether, and make that process as well-tested and
simple as possible: it should do nothing *but* those tasks for which it
needs root privilege.

in this case, for example, that would have absolutely nothing to do with
interfacing to the web - it would focus only on the particular tasks you
need to do with the administrative tools (it would also take care, for
example, to allow only "read-like" commands to be executed, by exposing
explicit methods for those rather than the unix commands as a whole) (are
you sure the information you need is not available via reading /proc?)

andrew
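
Added example, not part of the original post: a sketch of the small privileged helper described above, which exposes named read-only operations instead of arbitrary commands. The operation names, tool paths, and device-name pattern are assumptions chosen for illustration; the web front end would run unprivileged and send only an operation name and, for one operation, a device.

```python
import re
import subprocess

# Assumed tool locations; adjust for the distribution in use.
READ_ONLY_OPS = {
    # operation name -> (fixed argv, takes a device argument?)
    "physical_volumes": (["/sbin/pvs", "--noheadings"], False),
    "volume_groups":    (["/sbin/vgs", "--noheadings"], False),
    "logical_volumes":  (["/sbin/lvs", "--noheadings"], False),
    "raid_arrays":      (["/sbin/mdadm", "--detail", "--scan"], False),
    "partition_table":  (["/sbin/fdisk", "-l"], True),
}

# Assumed policy: only whole-disk or md device names, e.g. /dev/sda, /dev/md0.
DEVICE_RE = re.compile(r"/dev/(sd[a-z]{1,2}|md[0-9]{1,3})")


class Rejected(Exception):
    """Request did not match an exposed read-only operation."""


def build_argv(op, device=None):
    """Translate a request into a fixed argv, or raise Rejected."""
    if op not in READ_ONLY_OPS:
        raise Rejected("unknown operation: %r" % (op,))
    argv, wants_device = READ_ONLY_OPS[op]
    argv = list(argv)  # copy so the table is never mutated
    if wants_device:
        # fullmatch rejects trailing newlines, spaces and extra options
        if not isinstance(device, str) or not DEVICE_RE.fullmatch(device):
            raise Rejected("bad device name: %r" % (device,))
        argv.append(device)
    elif device is not None:
        raise Rejected("operation %r takes no argument" % (op,))
    return argv


def run(op, device=None):
    """Run the operation with no shell, a fixed PATH and a timeout."""
    result = subprocess.run(build_argv(op, device), capture_output=True,
                            text=True, timeout=30, check=True,
                            env={"PATH": "/sbin:/usr/sbin:/bin:/usr/bin"})
    return result.stdout
```

Write operations such as pvcreate or lvcreate are simply absent from the table, so no request from the web side can reach them.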



