On Mar 30, 6:47 pm, bieff...@gmail.com wrote:
> On Mar 30, 1:16 pm, Rustom Mody <rustompm...@gmail.com> wrote:
> > Ben Finney wrote
> > > The key thing to realise is that, having relinquished privilege, the same
> > > process can't get it back again as easily. So if you need to
> > > do some tasks as a privileged user, do those *very* early and then drop
> > > the privileges for the rest of the life of the process.
> > >
> > > Taking this further, you should isolate exactly what tasks need root
> > > privilege into a separate process altogether, and make
> > > that process as well-tested and simple as possible: it should do nothing
> > > *but* those tasks for which it needs root privilege.
> >
> > I don't think this would be easy or convenient (if at all possible) in my
> > case.
> >
> > I am trying to write a tiny web based application that will give an
> > overall picture of LVM, Volume groups, Raid, SCSI and the underlying
> > disk partitions. The administrative tools dealing with the low level
> > storage stack (e.g. fdisk, pvcreate, vgcreate, lvcreate, mdadm etc.)
> > need to be run as root.
> >
> > However, this runs behind Apache. Apache creates a separate user
> > for the webserver. Hence the CGI scripts, or any other tools that they
> > call, run as that user.
> >
> > The solution currently is
> > - Write the CGI program in C, put setuid(0), setgid(0) statements in
> >   that file and then perform any other actions (including calling other
> >   scripts)
> > - Set the S bit of the executable of the CGI binary compiled from the
> >   C file (chmod +s xxx.cgi)
> >
> > Yeah yeah "Security! HOLE!!" etc, but please note that this is running
> > on Linux on VMware on an otherwise secure system.
> >
> > So what's the best way of doing this in Python?
>
> Have a 'server process' running with root privilege (a script started
> by a privileged account) and implement a protocol to ask for system
> info from your CGI scripts under Apache.
> In Python this is a lot easier than it sounds.
> The simplest case would be to send a 'system command' to the
> server through a Unix socket; the server
> executes the command as received and returns the command output. Not
> more than a day's work, I believe. Not much more secure than
> a setuid Python script, either, maybe less :-)

Well, the current C root-owned setuid-ing and calling out to the shell is simple enough, I guess. The shell could be replaced by Python, of course.

> A better implementation would be such that the protocol only allows
> for a set of pre-defined safe requests ...

-- 
http://mail.python.org/mailman/listinfo/python-list
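The "pre-defined safe requests" variant of the root-owned server process, as an added example that is not from anyone in this thread: the privileged side listens on a Unix domain socket, and a request is nothing more than a key into an allowlist of fixed argv vectors, so the web-server user can choose *which* read-only query runs but never what is executed. The request names, their commands, the socket path and the 0o660 ownership scheme are constructed assumptions; it targets Python 3.7+ for `subprocess.run(capture_output=True)`.

```python
import os
import socket
import subprocess

# Allowlist: request name -> fixed argv. The client only picks a key; nothing it
# sends is ever spliced into a command line. (Constructed table for the example.)
ALLOWED_REQUESTS = {
    "pvs": ["pvs", "--noheadings"],
    "vgs": ["vgs", "--noheadings"],
    "lvs": ["lvs", "--noheadings"],
    "mdstat": ["cat", "/proc/mdstat"],
}

def run_argv(argv):
    """Run a fixed argv with no shell involved; return its stdout."""
    return subprocess.run(argv, capture_output=True, text=True, check=False).stdout

def handle_request(line, runner=run_argv):
    """Validate one request line and dispatch it; returns (status, body).

    Only a bare allowlisted name is accepted. Extra tokens, empty lines and
    unknown names are refused before anything is executed.
    """
    tokens = line.strip().split()
    if len(tokens) != 1:
        return ("ERR", "request must be exactly one command name")
    argv = ALLOWED_REQUESTS.get(tokens[0])
    if argv is None:
        return ("ERR", "unknown request %r" % tokens[0])
    try:
        return ("OK", runner(argv))
    except OSError as exc:
        return ("ERR", "exec failed: %s" % exc)

def serve(sock_path, runner=run_argv):
    """Privileged side: one request per connection on a Unix domain socket."""
    if os.path.exists(sock_path):
        os.unlink(sock_path)
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
        srv.bind(sock_path)
        os.chmod(sock_path, 0o660)  # owner + group only; assumed group = web server's
        srv.listen(5)
        while True:
            conn, _ = srv.accept()
            with conn:
                request = conn.recv(4096).decode("utf-8", "replace")
                status, body = handle_request(request, runner)
                conn.sendall(("%s\n%s" % (status, body)).encode("utf-8"))
```

The CGI side, running as the Apache user, connects to the socket, sends one name such as `vgs`, and reads back the status line and output; adding a query means adding a table row on the root side, never accepting a command string from the web side.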