Re: Special setuid wrapper for Mango

From: Olav Vitters <olav bkor dhs org>
To: Tobias Mueller <muelli cryptobitch de>
Cc: gnome-infrastructure gnome org
Subject: Re: Special setuid wrapper for Mango
Date: Tue, 3 Nov 2009 21:39:10 +0100

On Tue, Nov 03, 2009 at 12:36:53PM +0000, Tobias Mueller wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Aloha,
> 
> On 30.07.2009 13:42, Olav Vitters wrote:
> > Could someone write a setuid wrapper for me?
> > 
> I finally had time to do it.

Thanks! Really appreciated. Still haven't worked more on Mango, but now
I have something to implement :-)

> The should be pretty secure. I can't think of any vulnerabilities.
> > called it
> That is saved in saved_uid which is retrieved through getresuid().
> 
> > Could someone write above for me, securely?
> > 
> Well, I'm not using system() since it'd inherit the environment, which
> contains at least the IFS, PATH or PYTHONPATH environment variable. This
> can be a problem. So using exec() family, one can define the
> environment. So you might want to adapt this since you'll need a
> PYTHONPATH, I guess.

Shouldn't need PYTHONPATH. But would need another environment variable,
so appreciate that I can easily set it.

-- 
Regards,
Olav

References:
- Re: Special setuid wrapper for Mango
  - From: Tobias Mueller

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]