Best way to gain root privileges
Steven D'Aprano
steve+comp.lang.python at pearwood.info
Thu Feb 17 16:46:58 EST 2011
On Thu, 17 Feb 2011 19:44:20 +0000, Katie T wrote:
> Running any kind of script sudo'd is a bad idea, it's very very hard (in
> many cases impossible) to do securely. Root permissions in general
> should only be used for what they're needed for and nothing else (that
> means getting the permission, doing the stuff that needs to be done as
> root, and then returning back to normal privs), anything else is just
> asking for trouble.
I agree with your general point, but the specific point to avoid running
scripts with sudo? Are you sure you're not conflating sudo with setuid?
By my reading, sudo is far preferred over running scripts setuid root.
Linux, for example, simply will not run scripts setuid root because of
the security risk, while running things using sudo is considered best
practice, and much preferred over logging in as root. The idea of sudo is
to do exactly what you say: doing the stuff needed as root with elevated
permission, then returning to normal.
--
Steven
More information about the Python-list
mailing list