[Python-Dev] Pondering some changes to python.c...
Barry A. Warsaw
barry@zope.com
Sun, 7 Apr 2002 12:26:01 -0400
>>>>> "AK" == Andrew Koenig <ark@research.att.com> writes:
Sean> It would seem that if you were to unset LD_LIBRARY_PATH and
Sean> PYTHONPATH (I'm probably missing something), and then pick
Sean> up the privileges specified in argv[1], that you could
Sean> safely do SUID Python. Some folks I've mentioned it to seem
Sean> to think it's just a bad idea to have an SUID python, but I
Sean> think it's better to solve the problems once than have
Sean> people re-inventing the wheel badly...
AK> You might want to be careful about LD_LIBRARY_PATH -- if the
AK> executable is built for dynamic linking, and it needs a
AK> library that's not in /usr/lib, mightn't changing
AK> LD_LIBRARY_PATH cause it to fail?
It might indeed, although some *nixes have ways for the sysadmin to
safely extend the default lookup path (i.e. /etc/ld.so.conf and
ldconfig).
-Barry
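
The environment scrubbing discussed in this thread, as an added example (not code from the thread or from python.c). It generalizes from the two variables named above to every `LD_*` and `PYTHON*` variable; `scrub_env` and `sample_env` are hypothetical names, and the sample environment is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Prefixes of variables that steer the dynamic linker or the interpreter. */
static const char *const unsafe_prefixes[] = { "LD_", "PYTHON" };

/* Constructed sample environment, not taken from the thread. */
static char *sample_env[] = {
    "PATH=/usr/bin:/bin", "LD_LIBRARY_PATH=/tmp/lib", "PYTHONPATH=/tmp/mods",
    "LD_PRELOAD=/tmp/x.so", "HOME=/home/user", "PYTHONSTARTUP=/tmp/rc.py", NULL
};

/* Return 1 if a "NAME=value" entry must not reach a privileged interpreter. */
static int is_unsafe(const char *entry)
{
    const char *eq = strchr(entry, '=');
    size_t i;

    if (eq == NULL || eq == entry)   /* malformed entry: drop it */
        return 1;
    for (i = 0; i < sizeof unsafe_prefixes / sizeof unsafe_prefixes[0]; i++)
        if (strncmp(entry, unsafe_prefixes[i], strlen(unsafe_prefixes[i])) == 0)
            return 1;
    return 0;
}

/* Compact a NULL-terminated envp array in place; return entries removed. */
int scrub_env(char **envp)
{
    char **src, **dst;
    int removed = 0;

    for (src = dst = envp; *src != NULL; src++) {
        if (is_unsafe(*src))
            removed++;
        else
            *dst++ = *src;           /* keep entry, closing any gap */
    }
    *dst = NULL;
    return removed;
}

int main(void)
{
    char **p;

    printf("removed %d entries\n", scrub_env(sample_env));
    for (p = sample_env; *p != NULL; p++)
        puts(*p);                    /* what the interpreter would inherit */
    return 0;
}
```

The scrubbed array is only useful if it is the one handed to the interpreter at exec time, since the `PYTHON*` variables are read during interpreter startup.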