[Python-Dev] Pondering some changes to python.c... (original) (raw)

Andrew Koenig ark@research.att.com
07 Apr 2002 10:07:03 -0400


Sean> It would seem that if you were to unset LD_LIBRARY_PATH and Sean> PYTHONPATH (I'm probably missing something), and then pick up Sean> the priveleges specified in argv[1], that you could safely do Sean> SUID Python. Some folks I've mentioned it to seem to think it's Sean> just a bad idea to have an SUID python, but I think it's better Sean> to solve the problems once than have people re-inventing the Sean> wheel badly...

You might want to be careful about LD_LIBRARY_PATH -- if the executable is built for dynamic linking, and it needs a library that's not in /usr/lib, mightn't changing LD_LIBRARY_PATH cause it to fail?

-- Andrew Koenig, ark@research.att.com, http://www.research.att.com/info/ark