(no subject)
Xavier Kaotico
sabu at pure-elite.org
Tue May 7 10:14:25 EDT 2002
Hey Daniel,

I was at this exact spot once before. The reason why you are getting the
OSError/permission fault is because Python is not +s/+sg. See, the script can be
s+ and owned by root with world executions, and still won't be able to call
setuid(0)/setgid(0). Since Python is an interpreter, and the script calls it to
execute its payload; logically, it will not be able to setuid(0)/setgid(0) from a
-s/-sg Python binary.

In order for your script to work right, you must +suid Python, however -- that
idea is bad, since Python, with +s can be turned into a backdoor, by your system
users, if they had execution rights. A malicious user would merely execute:

    python -c 'import os; os.setuid(0);os.setgid(0);os.system("sh")'

And, right there -- would have a rootshell, gained from your +suid attachment to
Python. Thus, making it quite a bad idea. And of course, that would mean that
any other environment your script is run under -- it must attain a +suid Python
as well; thus complicating the whole purpose (only if you're planning to distribute
the code of course).

Take care, Xavier.

----- Original Message -----
From: insaney at ufl.edu (Daniel)
Date: 7 May 2002 06:33:10 -0700
To: python-list at python.org
Subject: os.seteuid
I'm new at this, so maybe I've just got it all wrong, but I have a
python script owned by root:root with chmod +s. Should this script be
able to set-uid/gid/euid/egid or anything? The script fails at
changing any of these to anything else.
Help?
~ Daniel

$ ls -al testing2
-rwsr-sr-x 1 root root 205 May 7 09:10 testing2
$ cat testing2
#!/usr/bin/python2
import os
print os.getgid(),os.getegid(),os.getuid(),os.geteuid()
print os.getgroups()
os.seteuid(0)
$ ./testing2
48 48 48 48
[48]
Traceback (most recent call last):
  File "./testing2", line 5, in ?
    os.seteuid(0)
OSError: [Errno 1] Operation not permitted

if useful...
running RH linux 7.2... have tried python 2.2 and python 1.5.2
(without print os.getgroups() line)
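
An audit check for the two conditions discussed in this thread, added here as an example and not part of either poster's message: a `#!` script carrying set-id bits (which Linux ignores, matching the traceback above) and an interpreter binary carrying them (the dangerous case). The function names and the `INTERPRETER_NAMES` set are hypothetical choices made for this example.

```python
import os
import re
import stat

# Assumed set of interpreter base names worth flagging; extend for your hosts.
INTERPRETER_NAMES = {"python", "perl", "ruby", "sh", "bash"}


def setid_bits(path):
    """Return which of the setuid/setgid bits are set on path."""
    mode = os.stat(path).st_mode
    return [name for name, bit in (("setuid", stat.S_ISUID), ("setgid", stat.S_ISGID))
            if mode & bit]


def shebang_interpreter(path):
    """Return the interpreter path named on a '#!' first line, or None."""
    with open(path, "rb") as fh:
        first = fh.readline(256)
    if not first.startswith(b"#!"):
        return None
    parts = first[2:].split()
    return parts[0].decode(errors="replace") if parts else None


def audit(path):
    """Return a list of finding codes for one file."""
    findings = []
    bits = setid_bits(path)
    interp = shebang_interpreter(path)
    if interp is not None:
        if bits:
            # Linux ignores set-id bits on '#!' scripts, so these bits grant nothing.
            findings.append("script-setid-ignored")
        if os.path.exists(interp) and setid_bits(interp):
            # The script's interpreter itself runs with its owner's identity.
            findings.append("interpreter-setid")
    else:
        # Strip a version suffix so that e.g. "python2.2" matches "python".
        name = re.sub(r"[\d.]+$", "", os.path.basename(path))
        if bits and name in INTERPRETER_NAMES:
            findings.append("interpreter-setid")
    return findings


if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:
        print(target, audit(target) or "ok")
```

Run it over the files returned by a set-id sweep of the filesystem; any `interpreter-setid` finding should be cleared by removing the bit from the interpreter.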