[Python-Dev] Pondering some changes to python.c... (original) (raw)

Barry A. Warsaw barry@zope.com
Sun, 7 Apr 2002 12:26:01 -0400

"AK" == Andrew Koenig <ark@research.att.com> writes:

Sean> It would seem that if you were to unset LD_LIBRARY_PATH and
Sean> PYTHONPATH (I'm probably missing something), and then pick
Sean> up the priveleges specified in argv[1], that you could
Sean> safely do SUID Python.  Some folks I've mentioned it to seem
Sean> to think it's just a bad idea to have an SUID python, but I
Sean> think it's better to solve the problems once than have
Sean> people re-inventing the wheel badly...

AK> You might want to be careful about LD_LIBRARY_PATH -- if the
AK> executable is built for dynamic linking, and it needs a
AK> library that's not in /usr/lib, mightn't changing
AK> LD_LIBRARY_PATH cause it to fail?

It might indeed, although some *nixes have ways for the sysadmin to safely extend the default lookup path (i.e. /etc/ld.so.conf and ldconfig).

-Barry