[Python-Dev] Pondering some changes to python.c...

Barry A. Warsaw barry@zope.com
Sun, 7 Apr 2002 12:26:01 -0400 

>>>>> "AK" == Andrew Koenig <ark@research.att.com> writes:

 Sean> It would seem that if you were to unset LD_LIBRARY_PATH and
 Sean> PYTHONPATH (I'm probably missing something), and then pick
 Sean> up the priveleges specified in argv[1], that you could
 Sean> safely do SUID Python. Some folks I've mentioned it to seem
 Sean> to think it's just a bad idea to have an SUID python, but I
 Sean> think it's better to solve the problems once than have
 Sean> people re-inventing the wheel badly...
 AK> You might want to be careful about LD_LIBRARY_PATH -- if the
 AK> executable is built for dynamic linking, and it needs a
 AK> library that's not in /usr/lib, mightn't changing
 AK> LD_LIBRARY_PATH cause it to fail?
It might indeed, although some *nixes have ways for the sysadmin to
safely extend the default lookup path (i.e. /etc/ld.so.conf and
ldconfig).
-Barry

AltStyle によって変換されたページ (->オリジナル) /