
sudo open() ? (python newbie question)

hello,

I am writing a Python script that will be run by a non-root user.
The script needs to open a file in write mode that is owned by root.

file = open('/etc/apt/sources.list', 'r+')

returns permission error

How can I call sudo on open()?

Thanks a lot
slava
Jul 19 '05 #1


The script could be SUID Root, and you could use os.setuid immediately after
having performed the task to switch to a non-privileged user. May be a big
security risk, if someone can alter the script, he gains root access to the
system...

sl***@crackpot.org wrote:
> Hello,
>
> I am writing a Python script that will be run by a non-root user.
> The script needs to open a file in write mode that is owned by root.
>
> file = open('/etc/apt/sources.list', 'r+')
>
> returns permission error
>
> How can I call sudo on open()?
>
> Thanks a lot
> slava

Jul 19 '05 #2

On Tue, 14 Jun 2005 11:52:13 +0200,
Denis WERNERT <pe************@yahoo.com> wrote:
> The script could be SUID Root, and you could use os.setuid immediately
> after having performed the task to switch to a non-privileged
> user. May be a big security risk, if someone can alter the script, he
> gains root access to the system...


I am *not* advocating suid scripts, and *ESPECIALLY NOT* suid Python
programs, but if a user can modify an unwriteable suid script owned by
root in an unwriteable directory, then they already have root access
to the system (unless there's a kernel or filesystem bug, in which case
all bets are off anyway).

Regards,
Dan

--
Dan Sommers
<http://www.tombstonezero.net/dan/>
Jul 19 '05 #3

On 14 Jun 2005 08:12:17 -0400, rumours say that Dan Sommers
<me@privacy.net> might have written:
> On Tue, 14 Jun 2005 11:52:13 +0200,
> Denis WERNERT <pe************@yahoo.com> wrote:
>> The script could be SUID Root, and you could use os.setuid immediately
>> after having performed the task to switch to a non-privileged
>> user. May be a big security risk, if someone can alter the script, he
>> gains root access to the system...
>
> I am *not* advocating suid scripts, and *ESPECIALLY NOT* suid Python
> programs, but if a user can modify an unwriteable suid script owned by
> root in an unwriteable directory, then they already have root access
> to the system (unless there's a kernel or filesystem bug, in which case
> all bets are off anyway).


I believe that the suid bit on scripts (either *sh or python) is
completely ignored on most *nix systems.

Try this in a shell (bash or ksh) as a sudo-capable user:

echo hello >/tmp/tmp
sudo chown root /tmp/tmp
sudo chmod 600 /tmp/tmp
cat >/tmp/ax.py <<@
#!/usr/bin/env python
x = open("/tmp/tmp", "w")
x.write("there")
x.close()
@
sudo chown root /tmp/ax.py
sudo chmod a=rx,u+s /tmp/ax.py
ls -l /tmp/ax.py /tmp/tmp
/tmp/ax.py

I get:

-r-sr-xr-x 1 root users 75 2005-06-14 16:15 /tmp/ax.py
-rw------- 1 root users 6 2005-06-14 16:15 /tmp/tmp
Traceback (most recent call last):
  File "/tmp/ax.py", line 2, in ?
    x = open("/tmp/tmp", "w")
IOError: [Errno 13] Permission denied: '/tmp/tmp'

--
TZOTZIOY, I speak England very best.
"Be strict when sending and tolerant when receiving." (from RFC1958)
I really should keep that in mind when talking with people, actually...
Jul 19 '05 #4

On Tue, 14 Jun 2005 16:18:19 +0300,
Christos "TZOTZIOY" Georgiou <tz**@sil-tec.gr> wrote:
> I believe that the suid bit on scripts (either *sh or python) is
> completely ignored on most *nix systems.


Most *modern* systems, yes. ;-)

I must be getting old. :-(

Regards,
Dan

--
Dan Sommers
<http://www.tombstonezero.net/dan/>
Jul 19 '05 #5

On Tue, 14 Jun 2005 02:21:48 -0700, sl***@crackpot.org declaimed the
following in comp.lang.python:
> Hello,
>
> I am writing a Python script that will be run by a non-root user.
> The script needs to open a file in write mode that is owned by root.
>
> file = open('/etc/apt/sources.list', 'r+')
>
> returns permission error
>
> How can I call sudo on open()?

Don't think you can -- you'd have to invoke the /script/ using
sudo, I believe (haven't done this in quite some time; the only thing I
ran sudo on my Linux install was leafnode functions).

--
wl*****@ix.netcom.com | Wulfraed Dennis Lee Bieber KD6MOG
wu******@dm.net | Bestiaria Support Staff
Home Page: <http://www.dm.net/~wulfraed/>
Overflow Page: <http://wlfraed.home.netcom.com/>

Jul 19 '05 #6
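
An added example, not code from any poster in this thread: one way to follow the advice above about sudo while elevating only the write itself instead of the whole script. It assumes Python 3 and a sudoers rule that lets the user run tee on that one file; the function names and ALLOWED_TARGETS are this example's own.

```python
import os
import subprocess

# Assumption: the only file this tool may ever write with root rights.
ALLOWED_TARGETS = frozenset({"/etc/apt/sources.list"})


def sudo_tee_argv(path, allowed=ALLOWED_TARGETS):
    """Return the argv that writes `path` as root, or raise for other paths."""
    real = os.path.realpath(path)  # resolve symlinks and ".." before checking
    if real not in allowed:
        raise ValueError("refusing privileged write to %r" % real)
    # -n: fail instead of prompting for a password.
    # "--": end of options for sudo, then for tee, so a path is never a flag.
    return ["sudo", "-n", "--", "tee", "--", real]


def write_as_root(path, text, run=subprocess.run, allowed=ALLOWED_TARGETS):
    """Pipe `text` to `sudo tee`; only that child process runs as root."""
    argv = sudo_tee_argv(path, allowed)
    # argv list, no shell=True: nothing in `path` or `text` is shell-parsed.
    run(argv, input=text.encode(), stdout=subprocess.DEVNULL, check=True)
    return argv


def write_file(path, text, run=subprocess.run, allowed=ALLOWED_TARGETS):
    """Write directly when permitted, otherwise elevate just the write."""
    try:
        with open(path, "w") as fh:
            fh.write(text)
        return "direct"
    except PermissionError:
        write_as_root(path, text, run, allowed)
        return "sudo"


if __name__ == "__main__":
    # Dry run: show the command without executing it or touching the file.
    print(sudo_tee_argv("/etc/apt/sources.list"))
```

The `run` parameter exists so the subprocess call can be replaced in tests; in normal use it stays `subprocess.run`, which raises `CalledProcessError` when sudo refuses.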
