Methinks anyone using sudo to allow non-root-users to execute specific scripts without giving them full root perms is relying on security by obscurity at this point. (Ditto for setuid Python scripts BTW.) --Guido On 1/10/06, skip at pobox.com <skip at pobox.com> wrote: > > Got this from a Google alert overnight. It's not really a Python problem > (it's a sudo problem), but it's probably not a bad idea to understand the > implications. > > >> SUDO Python Environment Cleaning Privilege Escalation ... > >> Secunia - UK > >> ... This can be exploited by a user with sudo access to a python script > >> to gain access to an interactive python prompt via the "PYTHONINSPECT" > >> environment variable ... > >> <http://secunia.com/advisories/18358/> > > Skip > _______________________________________________ > Python-Dev mailing list > Python-Dev at python.org > http://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: http://mail.python.org/mailman/options/python-dev/guido%40python.org > -- --Guido van Rossum (home page: http://www.python.org/~guido/)
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4