Root access with python
Steve Holden
sholden at holdenweb.com
Mon Apr 1 07:15:31 EST 2002
"Jim Dennis" <jimd at vega.starshine.org> wrote in message
news:a88h4i$1v8n$1 at news.idiom.com...
> In article <Ou4o8.17920$Ii4.1702 at atlpnn01.usenetserver.com>, Steve Holden
wrote:
[...]
>
> > As far as setuid scripts goes, just say no. There are far too many
security
> > holes in almost every Unix to think that it's safe to use setuid
scripts.
>
[...]
> As for your overall "advice." It's of little value to tell
> someone: "don't do that" without offering any suggestion about
> what he or she SHOULD try.
>
> Whenever discussing computer system security I avoid
> proscriptive pronouncements like: "you can't do that" or
> "no one should ..."
>
[...]
> When we say, "you can't do that," we're imposing requirements on the
> OP without regard for his or her other requirements and without
> regard for any risk assessment or cost/benefit analysis that he or
> she may have done.
>
I'm not imposing any requirements on anybody, this is Usenet, remember.
Any advice I offer on Usenet is offered on the basis that the recipient
knows more about their situation than I do, and they are free to ignore such
advice as does not suit them.
> Unfortunately I don't know how to make SUID python scripts. In my
> current ignorance I'd have to recommend sperl with "taint checking,"
> or a sudoers entry, or a small SUID C wrapper program.
>
So, now you've told me off, what *should* the OP do?
regards
Steve
More information about the Python-list
mailing list