Running subshells under setuid
czrpb
nanotech at europa.com
Thu Feb 13 12:17:37 EST 2003
Anders/All:
Unfortunately using os.exec I can not then do something like:
for path in paths:
os.exec(RSYNC,path)
right??
Looks like I am stuck using sudo yes?
thanks!! -- Quentin
--- In python-list at yahoogroups.com, iko at c... (Anders Hammarquist)
wrote:
> In article <mailman.1045095124.20457.python-list at p...>,
> czrpb <nanotech at e...> wrote:
> >> I have the following Python script being run by a setuid binary:
> >>
> >> import os,pwd
> >>
> >> s="uid: %s, euid:
> >%s"%(pwd.getpwuid(os.getuid())[0],pwd.getpwuid(os.geteuid())[0])
> >> print ">>>",s
> >> os.system("rsync -v --progress setuid.c dog")
> >
> >I found the following in the bash man page:
>
> [bash sets euid to uid if different]
>
> >Is there something similar w/ python?
>
> No, Python doesn't do this (or you would get the same uid for
> both uid and euid when you printed it). HOWEVER, os.system()
> uses the shell, so anything run through os.system() will have
> it's euid reset.
>
> This is a feature.
>
> You don't want to run the shell from setuid binaries (the only
> exception being su for obvious reasons). You will very likely
> have security issues with doing that (in the above example,
> which rsync will get executed?)
>
> If you want rsync to run with euid priviliges, use os.exec()
> WITH AN EXPLICIT PATH to rsync. You can't trust $PATH.
>
> /Anders
>
> --
> -- Of course I'm crazy, but that doesn't mean I'm wrong.
> Anders Hammarquist | iko at c...
> Physics student, Chalmers University of Technology, | Hem: +46 31 88
48 50
> G|teborg, Sweden. RADIO: SM6XMM and N2JGL | Mob: +46 707
27 86 87
> --
More information about the Python-list
mailing list