>>>>> "AK" == Andrew Koenig <ark@research.att.com> writes:
Sean> It would seem that if you were to unset LD_LIBRARY_PATH and
Sean> PYTHONPATH (I'm probably missing something), and then pick
Sean> up the priveleges specified in argv[1], that you could
Sean> safely do SUID Python. Some folks I've mentioned it to seem
Sean> to think it's just a bad idea to have an SUID python, but I
Sean> think it's better to solve the problems once than have
Sean> people re-inventing the wheel badly...
AK> You might want to be careful about LD_LIBRARY_PATH -- if the
AK> executable is built for dynamic linking, and it needs a
AK> library that's not in /usr/lib, mightn't changing
AK> LD_LIBRARY_PATH cause it to fail?
It might indeed, although some *nixes have ways for the sysadmin to
safely extend the default lookup path (i.e. /etc/ld.so.conf and
ldconfig).
-Barry
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4