root password in a .py script
Gerrit
gerrit at nl.linux.org
Sun Mar 14 09:37:01 EST 2004
Bart Nessux wrote:
>
> Yes, I know it isn't. It's not very graceful at all, but I must do it.
> Whether I use a baseball bat from a distance of 1 meter to strike a
> computer monitor or use a sniper rifle from 400 meters away to shoot the
> monitor, the result is the same. Currently, this is a kludge (the baseball
> bat approach)... I'm trying to make it more graceful.
I think there is a better way.
Create a very small binary program which does only an exec of python
with this script as argument. Let this program be Setuid. Let the python
script have permissions 600. This way, people will be able to execute
the script without reading it, and they won't be able to see the root
password.
A risk is, however, in the path inside the c program, because the
program runs as root. If a user is able to fool the program, they will
be root as well.
Gerrit.
--
Weather in Amsterdam Airport Schiphol, Netherlands 14/03 13:55 UTC:
12.0°C Few clouds mostly cloudy wind 10.3 m/s SSW (-2 m above NAP)
--
Asperger's Syndrome - a personal approach:
http://people.nl.linux.org/~gerrit/english/
More information about the Python-list
mailing list