Secure scripts variables

Florian Lindner wrote:

Hello,
given the following situation:

I have a script which is readable and executable by a user, but not
writable.
The users executes the scripts, it reads in a value and based on this
value it computes a result and stores it in a variable.
Can the user read out the value of this variable?
Yes.
If yes, can he be prevented to do so?
Only if the sensitive part of your script runs under different
user. See thread about storing passwords in a script:

http://groups-beta.google.com/group/...e4c114c5114e92

(It's a ordinary user on a Linux system with access to the python
interpreter.)

If there is a will, there is a way :) I used to run a persistant server
on Solaris as ordinary user. The trick is to create an entry in crontab
that will periodically (every 10 minutes) check if your server is
running, if not, start it up. Note however, after that it's not a good
idea to keep sensitive files in your home directory (like your tax
forms or browsing history), because if you make an error in your server
and it will be hacked, then you risk exposing all your files.
Serge.

Florian Lindner <Fl*************@xgm.de> writes:

I have a script which is readable and executable by a user, but not
writable.
The users executes the scripts, it reads in a value and based on this value
it computes a result and stores it in a variable.
Can the user read out the value of this variable? If yes, can he be
prevented to do so?

I don't really understand the question. The user could, for example,
run the Python interpreter under a debugger, and examine its internal
state step by step during execution.

What you really want is a setuid script. That can do what you want,
but you have to write them very carefully.

Paul Rubin wrote:

Florian Lindner <Fl*************@xgm.de> writes:

I have a script which is readable and executable by a user, but not
writable.
The users executes the scripts, it reads in a value and based on this
value it computes a result and stores it in a variable.
Can the user read out the value of this variable? If yes, can he be
prevented to do so?

I don't really understand the question. The user could, for example,
run the Python interpreter under a debugger, and examine its internal
state step by step during execution.

What you really want is a setuid script. That can do what you want,
but you have to write them very carefully.

AFAIK scripts can't be setuid? Can you tell me what you mean and how to do
it?

Florian

Florian Lindner <Fl*************@xgm.de> writes:

AFAIK scripts can't be setuid? Can you tell me what you mean and how to do
it?

Actually it looks like Linux doesn't support setuid scripts. I
thought the feature had been restored. There is a well-known security
hole but there are workarounds for it and some of the BSD-derived
Unixes implement those. And there is a special hack for Perl that
uses an accessory setuid C program to run setuid Perl scripts--maybe
something like it could be written for Python.

Anyway, the simple workaround is to write a simple C wrapper that
invokes the Python interpreter on your script. Make sure to use a
complete path to specify where your script is. From the "perlsec"
documentation:

#define REAL_PATH "/path/to/script"
main(ac, av)
char **av;
{
execv(REAL_PATH, av);
}

Compile this wrapper into a binary executable and then make it rather
than your script setuid or setgid.

http://supportweb.cs.bham.ac.uk/docu...d/perlsec.html

You have to be very careful writing these scripts since there are all
kinds of errors you can make. Perl's "taint checking" feature helps
catch a lot of those and it would be good if Python had something
similar.