Methinks anyone using sudo to allow non-root-users to execute specific
scripts without giving them full root perms is relying on security by
obscurity at this point. (Ditto for setuid Python scripts BTW.)

--Guido

On 1/10/06, skip at pobox.com <skip at pobox.com> wrote:
>
> Got this from a Google alert overnight. It's not really a Python problem
> (it's a sudo problem), but it's probably not a bad idea to understand the
> implications.
>
> >> SUDO Python Environment Cleaning Privilege Escalation ...
> >> Secunia - UK
> >> ... This can be exploited by a user with sudo access to a python script
> >> to gain access to an interactive python prompt via the "PYTHONINSPECT"
> >> environment variable ...
> >> <http://secunia.com/advisories/18358/>
>
> Skip

--
--Guido van Rossum (home page: http://www.python.org/~guido/)
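An added example, not part of the original thread and not code from sudo or Python: one way a privileged wrapper can keep PYTHONINSPECT and similar variables from reaching the interpreter, by passing an allow-listed environment and starting Python with -E (ignore PYTHON* variables). The function names, the kept variables, the fixed PATH and the script path are assumptions made for illustration.

```python
import os
import sys

# Variables the CPython interpreter reads at startup. PYTHONINSPECT is the one
# named in the advisory; the rest are an assumption about what a privileged
# wrapper would also want to keep out.
INTERPRETER_VARS = ("PYTHONINSPECT", "PYTHONPATH", "PYTHONSTARTUP", "PYTHONHOME")

# Assumed fixed search path for the privileged process.
SAFE_PATH = "/usr/sbin:/usr/bin:/sbin:/bin"


def risky_vars(env):
    """Return, sorted, the interpreter-influencing variables present in env."""
    return sorted(name for name in env if name in INTERPRETER_VARS)


def scrubbed_env(env, keep=("LANG", "TERM")):
    """Build a new environment from an allow-list instead of deleting known-bad names."""
    clean = {name: env[name] for name in keep if name in env}
    clean["PATH"] = SAFE_PATH  # never inherit the caller's PATH
    return clean


def hardened_argv(script, args=()):
    """Command line that runs script with -E, so PYTHON* variables are ignored."""
    return [sys.executable, "-E", script, *args]


def exec_hardened(script, args=()):
    """Replace the current process with the hardened interpreter invocation."""
    argv = hardened_argv(script, args)
    os.execve(argv[0], argv, scrubbed_env(os.environ))


if __name__ == "__main__":
    # Constructed sample environment, as a caller might present it.
    sample = {"PYTHONINSPECT": "1", "PYTHONPATH": "/tmp/x",
              "LANG": "C", "PATH": "/tmp/bin:/usr/bin", "HOME": "/home/u"}
    print("risky:", risky_vars(sample))
    print("env passed on:", scrubbed_env(sample))
    # Hypothetical script path.
    print("argv:", hardened_argv("/usr/local/sbin/report.py"))
```

The allow-list and -E overlap on purpose: either one alone stops PYTHONINSPECT, and the second still holds if the other is later loosened.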