Re: Special setuid wrapper for Mango
- From: Olav Vitters <olav bkor dhs org>
- To: Tobias Mueller <muelli cryptobitch de>
- Cc: gnome-infrastructure gnome org
- Subject: Re: Special setuid wrapper for Mango
- Date: Tue, 3 Nov 2009 21:39:10 +0100
On Tue, Nov 03, 2009 at 12:36:53PM +0000, Tobias Mueller wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> On 30.07.2009 13:42, Olav Vitters wrote:
> > Could someone write a setuid wrapper for me?
> I finally had time to do it.
Thanks! Really appreciated. Still haven't worked more on Mango, but now
I have something to implement :-)
> The should be pretty secure. I can't think of any vulnerabilities.
> > called it
> That is saved in saved_uid which is retrieved through getresuid().
> > Could someone write above for me, securely?
> Well, I'm not using system() since it'd inherit the environment, which
> contains at least the IFS, PATH or PYTHONPATH environment variable. This
> can be a problem. So using exec() family, one can define the
> environment. So you might want to adapt this since you'll need a
> PYTHONPATH, I guess.
Shouldn't need PYTHONPATH. But would need another environment variable,
so appreciate that I can easily set it.
] [Thread Prev