Securing the Pyton Interpreter?
Steven Taschuk
staschuk at telusplanet.net
Wed Jul 16 04:49:25 EDT 2003
Quoth Mel Wilson:
> seem to recall there are complications with suid on scripts
> .. though I don't recall what they are.
A simple example: Let the file insecure_script contain
#!/bin/sh
grep 'f.*bar' $*
This script must not be made setuid-root. Consider:
$ cat >grep
#!/bin/sh
cp /etc/shadow . && chmod 0666 ./shadow
^D
$ chmod +x ./grep
$ export PATH=.:$PATH
$ insecure_script
You could deal with this particular problem by using absolute path
names for everything in the script, and/or by setting $PATH in the
script itself. But there are other holes of this type, and, since
shells are complicated beasts, it is very hard to be certain that
a script has no exploitable dependencies on matters which are
under the user's control.
--
Steven Taschuk staschuk at telusplanet.net
"Our analysis begins with two outrageous benchmarks."
-- "Implementation strategies for continuations", Clinger et al.
More information about the Python-list
mailing list