SuSE Linux, python and setgid
Johannes Stezenbach
yawyi at gmx.de
Mon Jun 26 07:09:40 EDT 2000
More information about the Python-list mailing list
Mon Jun 26 07:09:40 EDT 2000
- Previous message (by thread): SuSE Linux, python and setgid
- Next message (by thread): SuSE Linux, python and setgid
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Thomas Leonhardt <leonhardt at informatik.tu-darmstadt.de> wrote: >I have got the problem that I should install a script on our server >which was written in python. The problem is that the script checks >wether the group id was set as specified by the file permissions. > >But somehow the gid is not set when I execute the script. Is there >something like suidperl for python or smoethingelse special with >SuSE linux which causes the gid not beeing set?? set[ug]id scripts are unsafe and for that reason disabled by the kernel in most UNIXes (reason: race condition between when the kernel reads the #! line and the the called interpreter reopens the script for execution; you could exchange the script with something else in the meantime). You can use a wrapper like Misc/setuid-prog.c (from the python source distribution; if you need the single file only you can get it via the CVSweb interface from www.python.org). REad the instructions inside setuid-prog.c. Compile with: cc -DFULL_PATH='"/full/path/of/script"' setuid-prog.c -o myscriptname It might still be a security risk to use that. You must trust setuid-prog.c and Python to have no exploitable security holes (the same way you would trust Perl and setuidperl...). Johannes
- Previous message (by thread): SuSE Linux, python and setgid
- Next message (by thread): SuSE Linux, python and setgid
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-list mailing list