Best way to gain root privileges
Adam Skutt
askutt at gmail.com
Wed Feb 16 21:44:05 EST 2011
On Feb 16, 8:40 pm, GSO <gso... at yahoo.co.uk> wrote:
> Apols for being a nuisance. I'm normally if anything a web programmer.
>
> It looks like there are set-id functions in the os module. Further I
> don't actually need root privileges, just write access to a directory
> that a user ordinarily does not have write access to (and preferably
> not read).
So give them that instead, preferably via ACL. Reliably denying read
access may be difficult, however. Chances are pretty good that any
solution you create won't be any more secure than this, though.
> So a call to os.setegid(egid) with a group created for the
> program's use alone would do this then. (Unless this is bad technique
> security wise otherwise, as a uid 0 seteuid call would be considered;
> but surely what I am thinking of doing is not a security risk.)
Except in order to do this you need to be root, of course, or make the
users members of that group anyway (in which case, just use the damn
ACL).
Adam
More information about the Python-list
mailing list