473,385 Members | 1,555 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > python > questions > running python scripts with 'sudo'

Join Bytes to post your question to a community of 473,385 software developers and data experts.

Running Python Scripts With 'sudo'

Given that setuid is a Bad Thing for scripts, what is the general consensus
here on running a Python script via 'sudo' to give it root system access?
Is this reasonably secure, or am I still asking for trouble?

TIA,
--
----------------------------------------------------------------------------
Tim Daneliuk tu****@tundraware.com
PGP Key: http://www.tundraware.com/PGP/

Jul 18 '05 #1
2 3712
Tim Daneliuk wrote:
Given that setuid is a Bad Thing for scripts, what is the general consensus
here on running a Python script via 'sudo' to give it root system access?
Is this reasonably secure, or am I still asking for trouble?

TIA,


The value of "sudo" is that everyone must authenticate as themselves,
and sudo logs all activity. Therefore the system administrators can
partition responsibility and know from the logs exactly who did what.

The risks involved with setuid scripts involve the exploitation of race
conditions within the kernel, IIRC, and since the root permissions are
established by sudo for the invoking process, I believe sudo would
eliminate the risks involved (because the setuid bit would no longer be
used on the script).

regards
Steve
--
Meet the Python developers and your c.l.py favorites March 23-25
Come to PyCon DC 2005 http://www.pycon.org/
Steve Holden http://www.holdenweb.com/
Jul 18 '05 #2
Does "sudo" sanitize the environment? Imagine that the user can set
PYTHONPATH, PYTHONINSPECT, etc.

Beyond that, you have the same problems as with any code that runs with
"extra privileges". Can the user supply any code that is fed to
patently unsafe primitives (like the unpickler, eval() or the exec
statement)? If your program opens files with user-controlled names, did
you make all the right checks?

Jeff

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCJizoJd01MZaTXX0RAvBnAKCtvhaxQn5aDGIhcmBCfX gMX+8CUgCeLI3Z
H7bQM84BbIKHWvuAKh59Yb0=
=J0mR
-----END PGP SIGNATURE-----

Jul 18 '05 #3
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
Running mod_python on Apache on Windows2000 *
by: Rolfe | last post by:
Hi, I struggled, and got mod_python running on Apache/Win2k. Follow these instructions verbatim and you shouldn't have any trouble. These instructions are based on...
Python
5
sudo open() ? (python newbee question)
by: slava | last post by:
hello, i am writing a python script that will be run by a non root user the script needs to open a file in write mode that is owned by root file = open('/etc/apt/sources.list', 'r+') ...
Python
16
python on Mac
by: Thomas Nelson | last post by:
I just purchased a new macbook (os 10.4.6), and I'm trying to install python 2.4 on it. I downloaded and ran the two installers recommended at http://www.python.org/download/mac/. Now I have...
Python
8
Running Python scripts under a different user
by: Bernard Lebel | last post by:
Hello, I would like to know if there is a way to run a Python file under a different user account than the one logged in. Allow me to explain. There are a bunch of people here, they are "basic...
Python
5
Mounting shares with python
by: Marcpp | last post by:
Hi, when i mount a share with python... os.system ("mount -t smbfs -o username=nobody ...") the problem is that I'll to be root. Have a comand to send a root password...? I've tried ...
Python
27
Future Python Gui?
by: bcwhite | last post by:
I've been trying to find out what the future of Python is with regard to Tk. It seems there are several interfaces that make use of new functionality, including "Tile" and "Ttk". If I want to...
Python
12
Hot subject: a good python editor and/or IDE?
by: =?ISO-8859-1?Q?S=E9bastien?= | last post by:
Hi folks, I am currently using Eclipse+PyDev when developping Python projects but I lack a fast, simple editor for tiny bit of scripts. So here is my question: what is, for you, the current best...
Python
8
Huge problem gettng MySQLdb to work on my mac mini running Macosx10.5 Leopard
by: geert | last post by:
Hi all, I have a mac mini running maocosx 10.5 leopard I want to deploy a django project on. My backend is MySQL, and I have it running as a 64- bit app. Of course, apache2 is also running as...
Python
1
CGIHTTPServer webserver running php scripts
by: mpc | last post by:
hello, how does one run a PHP page with a python webserver? Lets say i have a simple python web server running /path/webserver.py #!/usr/bin/env python from BaseHTTPServer import HTTPServer...
Python
1
Cloud Servers without Credit Card and Email Registration: A Simpler Way to Get on the Cloud
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
General
0
Wordpress or something else?
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
Content Management Systems
0
isladogs
Access Europe: Command bars, the Access Shortcut Tool and a simple Audit Log - Wed 3 April
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
General
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!