Root access with python

Steve Holden sholden at holdenweb.com
Mon Apr 1 07:15:31 EST 2002


"Jim Dennis" <jimd at vega.starshine.org> wrote in message
news:a88h4i$1v8n$1 at news.idiom.com...
> In article <Ou4o8.17920$Ii4.1702 at atlpnn01.usenetserver.com>, Steve Holden
wrote:
[...]
>
> > As far as setuid scripts goes, just say no. There are far too many
security
> > holes in almost every Unix to think that it's safe to use setuid
scripts.
>
[...]
>   As for your overall "advice."  It's of little value to tell
>   someone: "don't do that" without offering any suggestion about
>   what he or she SHOULD try.
>
>   Whenever discussing computer system security I avoid
>   proscriptive pronouncements like: "you can't do that" or
>   "no one should ..."
>
[...]
>   When we say, "you can't do that," we're imposing requirements on the
>   OP without regard for his or her other requirements and without
>   regard for any risk assessment or cost/benefit analysis that he or
>   she may have done.
>
I'm not imposing any requirements on anybody, this is Usenet, remember.

Any advice I offer on Usenet is offered on the basis that the recipient
knows more about their situation than I do, and they are free to ignore such
advice as does not suit them.

>   Unfortunately I don't know how to make SUID python scripts.  In my
>   current ignorance I'd have to recommend sperl with "taint checking,"
>   or a sudoers entry, or a small SUID C wrapper program.
>
So, now you've told me off, what *should* the OP do?

regards
 Steve







More information about the Python-list mailing list