Best way to gain root privileges

Adam Skutt askutt at gmail.com
Thu Feb 17 03:44:05 CET 2011


On Feb 16, 8:40 pm, GSO <gso... at yahoo.co.uk> wrote:
> Apols for being a nuisance.  I'm normally if anything a web programmer.
>
> It looks like there are set-id functions in the os module.  Further I
> don't actually need root privileges, just write access to a directory
> that a user ordinarily does not have write access to (and preferably
> not read).

So give them that instead, preferably via ACL. Reliably denying read
access may be difficult, however.  Chances are pretty good that any
solution you create won't be any more secure than this, though.

>  So a call to os.setegid(egid) with a group created for the
> program's use alone would do this then. (Unless this is bad technique
> security wise otherwise, as a uid 0 seteuid call would be considered;
> but surely what I am thinking of doing is not a security risk.)

Except in order to do this you need to be root, of course, or make the
users members of that group anyway (in which case, just use the damn
ACL).

Adam



More information about the Python-list mailing list