Re. suid/sudo in python

rustom rustompmody at gmail.com
Mon Mar 30 18:27:45 CEST 2009


On Mar 30, 6:47 pm, bieff... at gmail.com wrote:
> On Mar 30, 1:16 pm, Rustom Mody <rustompm... at gmail.com> wrote:
>
>
>
> > Ben Finney wrote
>
> > > The key thing to realise is that, having relinquished privilege, the same process can't get it back again as easily. So if you need to
> > > do some tasks as a privileged user, do those *very* early and then drop the privileges for the rest of the life of the process.
>
> > > Taking this further, you should isolate exactly what tasks need root privilege into a separate process altogether, and make
> > > that process as well-tested and simple as possible: it should do nothing *but* those tasks for which it needs root privilege.
>
> > I dont think this would be easy or convenient (if at all possible) in my case.
>
> > I am trying to write a tiny web based application that will give an
> > overall picture of LVM, Volume groups, Raid, SCSI and the underlying
> > disk partitions. The administrative tools dealing with low level
> > storage stack (e.g. fdisk, pvcreate, vgcreate, lvcreate, mdadm etc.)
> > need to be run as root.
>
> > However since this runs behind apache. Apache creates a separate user
> > for the webserver. Hence the CGI scripts or any other tools that they
> > call run as that user.
>
> > The solution currently is
> > - Write the CGI program in C, put setuid(0), setgid(0) statements in
> > that file and then perform any other actions (including calling other
> > scripts)
> > - Set the S bit of the executable of the CGI binary compiled from the
> > C file (chmod +S xxx.cgi)
>
> > Yeah yeah "Security! HOLE!!" etc but please note that this is running
> > on linux on vmware on an otherwise secure system.
>
> > So whats the best way of doing this in python?
>
> Have a 'server process' running with root privilege ( a script started
> by a privileged account)  and implement a protocol to ask for system
> info from your cgi scripts under apache. In python this is a lot
> easier than it sounds.
> The simplest case would be that to send a 'system command' to the
> server through a unix socket, the server
> executes the command as received and returns the command output. Not
> more than a day work, I believe. Not much more secure that
> a setuid python script, also, maybe less :-)

Well the current C root owned setuid-ing and calling out to shell is
simple enough I guess.
The shell could be replaced by python of course.

> A better implementation would be such that the protocol only allows
> for a set of pre-defined safe requests ...




More information about the Python-list mailing list