Python, Linux, and the setuid bit

Ethan Furman ethan at stoneleaf.us
Mon Apr 14 17:13:49 EDT 2014 

For anyone in the unenviable position of needing [1] to run Python scripts with the setuid bit on, there is an 
suid-python wrapper [2] that makes this possible.

When I compiled it I was given a couple warnings.  Can any one shed light on what they mean?

==================================================================
suid-python.c: In function ‘malloc_abort’:
suid-python.c:119:17: warning: format ‘%d’ expects argument of type ‘int’, but argument 3 has type ‘size_t’ [-Wformat]
suid-python.c: In function ‘remove_env_prefix’:
suid-python.c:200:32: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
suid-python.c:201:32: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
==================================================================

and the code segments in question:

==================================================================
void *
malloc_abort(size_t size)
{
     void *buf;

     buf = malloc(size);
     if (!buf)
     {
         fprintf(stderr, "Could not allocate %d bytes.  errno=%d\n",
                 size, errno);
         exit(1);
     }

     return buf;
}
------------------------------------------------------------------
int
remove_env_prefix(char **envp, char *prefix)
{
     char **envp_read;
     char **envp_write;
     int prefix_len = strlen(prefix);
     int removed_count = 0;

     envp_write = envp;
     for (envp_read = envp; *envp_read; envp_read++)
     {
         if (!strncmp(*envp_read, prefix, prefix_len))
         {
             /* Step past the environment variable that we don't want. */
             removed_count++;
             continue;
         }

         if (envp_read != envp_write)
         {
             *envp_write = *envp_read;
         }

         envp_write++;
     }

     /* Set the remaining slots to NULL. */
     if (envp_write < envp_read)
     {
         memset(envp_write, 0, ((unsigned int) envp_read -
                                (unsigned int) envp_write));
     }

     return removed_count;
}
==================================================================

Thanks!

--
~Ethan~

[1] Need, or really really really convenient to have. ;)
[2] http://selliott.org/python/

More information about the Python-list mailing list