[Python-Dev] Pondering some changes to python.c...

[Barry A. Warsaw]

>>>>> "AK" == Andrew Koenig <ark@research.att.com> writes:

    Sean> It would seem that if you were to unset LD_LIBRARY_PATH and
    Sean> PYTHONPATH (I'm probably missing something), and then pick
    Sean> up the priveleges specified in argv[1], that you could
    Sean> safely do SUID Python.  Some folks I've mentioned it to seem
    Sean> to think it's just a bad idea to have an SUID python, but I
    Sean> think it's better to solve the problems once than have
    Sean> people re-inventing the wheel badly...

    AK> You might want to be careful about LD_LIBRARY_PATH -- if the
    AK> executable is built for dynamic linking, and it needs a
    AK> library that's not in /usr/lib, mightn't changing
    AK> LD_LIBRARY_PATH cause it to fail?

It might indeed, although some *nixes have ways for the sysadmin to
safely extend the default lookup path (i.e. /etc/ld.so.conf and
ldconfig).

-Barry