Best way to gain root privileges
GSO
gsowww at yahoo.co.uk
Wed Feb 16 20:40:25 EST 2011
Apols for being a nuisance. I'm normally if anything a web programmer.
It looks like there are set-id functions in the os module. Further I
don't actually need root privileges, just write access to a directory
that a user ordinarily does not have write access to (and preferably
not read). So a call to os.setegid(egid) with a group created for the
program's use alone would do this then. (Unless this is bad technique
security wise otherwise, as a uid 0 seteuid call would be considered;
but surely what I am thinking of doing is not a security risk.)
> I have almost no experiences with Perl, but I really doubt, that the general
> problem would be solved with it.
>
Quoting from the article linked to by Steven D'Aprano:
"If you are new to secure programming, I recommend either sudo or a
Perl script. SUID Perl scripts have built-in protection to prevent
programmers from making the mistakes addressed in this article."
Perl has something called 'tainted mode' built in, which for example
will prevent what it judges as untrustworthy data being appended to
the end of the passwd file.
More information about the Python-list
mailing list