In other words, as long as you do nothing incautious like invoking an
editor or a mail program from your script, you would probably be safe
with a setuid C program that does nothing but exec your non-setuid
python script (that obtains increased/altered permission from its
parent process)...
In message <9311082119.AA09396=sjoerd@ansjovis.cwi.nl> you write:
>On Mon, Nov 8 1993 "Steven D. Majewski" wrote:
>
>> I note that there is a getuid/geteuid routine in posixmodule, but no
>> corresponding setuid. I would like to have an inet server daemon
>> written in python, but I need to setuid to the connecting user's id.
>>
>> Adding setuid to posixmodule is easy enough, but the fact that it was
>> left out suggests to me that maybe the security problems of doing so
>> are greater than I would guess. Are there any problems with running
>> python scripts SETUID root ( assuming of course that the scripts
>> themselves are installed without write access ). /usr/bin/python doesn't
>> need to be SETUID as well as the python script, does it ? ( THAT
>> *WOULD* be a problem! )
>
>I don't know why setuid and seteuid were left out. It may have been
>an oversight.
>
>As to your wanting to run a setuid python script, I strongly advise
>against that. Having setuid scripts is inherently insecure. The
>insecurity has nothing to do with the interpreter. It doesn't help
>making the scripts and all directories leading to it unwritable.
>
>Of course, that doesn't mean that there may not be a need for setuid
>and seteuid. It is very well possible to run python scripts as root
>and wanting to become a user. I don't see any security reason not to
>do that, as long as the script is written properly.
>
>Sjoerd Mullender
>CWI, dept. CST, Kruislaan 413, 1098 SJ Amsterdam, Netherlands
>email: Sjoerd.Mullender@cwi.nl fax: +31 20 592 4199
>phone: +31 20 592 4127 telex: 12571 mactr nl
Dan Stromberg - OAC/DCS strombrg@uci.edu
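
The case raised in the thread, a daemon started as root that becomes the connecting user, as an added example that is not part of the original messages. It assumes the os.setgroups/setgid/setuid calls of current Python; drop_privileges, lookup_user and FakeOS are hypothetical names, and FakeOS is a constructed stand-in so the ordering and the final check can be exercised without root.

```python
import os
import pwd


class PrivilegeDropError(RuntimeError):
    pass


def drop_privileges(uid, gid, groups, osmod=os):
    """Permanently switch a root process to (uid, gid); raise on any doubt."""
    if uid == 0 or gid == 0:
        raise PrivilegeDropError("target must not be root")
    osmod.setgroups(list(groups))  # 1. shed root's supplementary groups (needs root)
    osmod.setgid(gid)              # 2. group next: fails once the uid has changed
    osmod.setuid(uid)              # 3. as root this sets real, effective and saved uid
    if (osmod.getuid(), osmod.geteuid()) != (uid, uid):
        raise PrivilegeDropError("uid did not change")
    if (osmod.getgid(), osmod.getegid()) != (gid, gid):
        raise PrivilegeDropError("gid did not change")
    try:
        osmod.setuid(0)            # 4. must now be refused, or the drop is reversible
    except OSError:
        return
    raise PrivilegeDropError("root could be regained after the drop")


def lookup_user(name):
    """Resolve a login name to (uid, gid, supplementary groups)."""
    pw = pwd.getpwnam(name)        # raises KeyError for an unknown user
    return pw.pw_uid, pw.pw_gid, os.getgrouplist(name, pw.pw_gid)


class FakeOS:
    """Constructed stand-in for the os module so the logic runs without root."""
    def __init__(self, reversible=False):
        self.uid, self.gid, self.calls, self.reversible = 0, 0, [], reversible
    def setgroups(self, groups): self.calls.append("setgroups")
    def setgid(self, gid): self.calls.append("setgid"); self.gid = gid
    def setuid(self, uid):
        if self.uid != 0 and uid != self.uid and not self.reversible:
            raise PermissionError(1, "Operation not permitted")
        self.calls.append("setuid"); self.uid = uid
    def getuid(self): return self.uid
    def geteuid(self): return self.uid
    def getgid(self): return self.gid
    def getegid(self): return self.gid
```

In a real daemon the call would be drop_privileges(*lookup_user(name)) in the per-connection child, before any of the user's data is read.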