Re: How do I add users using Python scripts on a Linux machine

In message <m2bqlctbce.fsf@xxxxxxxxxx>, Piet van Oostrum wrote:

Lawrence D'Oliveiro <ldo@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> (LD) wrote:
In message <m2hcv651ta.fsf@xxxxxxxxxxxxxxx>, Piet van Oostrum wrote:

The scenario is as follows: Suppose the script starts with the line:
#!/usr/bin/python

(using #!/usr/bin/env python would be disastrous because the user could
supply his own `python interpreter' in his PATH.)

Now a malicious user can make a link to this file in his own directory,
e.g. to /Users/eve/myscript1. Because permissions are part of the file
(inode), not of the file name, this one is also suid.

Now she execs /Users/eve/myscript1. The kernel, when honoring suid
scripts, would startup python with effective uid root with the command
line: /usr/bin/env /Users/eve/myscript1

LD> No it wouldn't. This security hole was fixed years ago.

How?

Systems which allow set-uid scripts also usually support referring to open
file descriptors n via a pathname like /dev/fd/n. This might be done by
mounting a special pseudo-filesystem (fdfs) on /dev/fd. (This was how I
remember it being done on DEC UNIX.)

So when a the kernel detects that an executable file is actually a script,
it opens the script file on some file descriptor n, and passes the
name /dev/fd/n to the script interpreter, instead of the original script
pathname. That way, there is no opportunity for deceiving the process into
executing the wrong script with set-uid privileges.
.

Relevant Pages

  • Re: Terminating an embedded interpreter
    ... I'm embedding a Python interpreter, running a script in a separate thread ... how should I handle rogue scripts? ...
    (comp.lang.python)
  • Re: perl to python
    ... sed and perl can let you do all that quick command line stuff. ... into a full blown script. ... scripts, call it from the python interpreter, whatever I need. ... If I stick to the traditional unix approach, ...
    (comp.lang.python)
  • Re: Learning Tkinter
    ... and how the command option is used to call the function callback. ... gui programming to see if the python programs I have written can be made ... search their computer for this file, execute the python code and then ... This is the meaning of the test on __name__: this magical variable is set to the string '__main__' if and only if the current script is the top-most one, i.e the one you ran python on. ...
    (comp.lang.python)
  • Correct way to handle independent interpreters when embedding in a single-threaded C++ app
    ... The Python interpreter is ... interpreter and provides an extension module to expose ... manage each script runs in a new interpreter. ... globals that could cause issues. ...
    (comp.lang.python)
  • Re: bash vs. python scripts - which one is better?
    ... Quick, take your one liner, have it traverse an entire directory tree ... For me I just need to change my small script into a function, ... That is where shell falls down. ... alternatives like Python, Perl or Ruby laying around to be used. ...
    (Debian-User)