Hello,

Historically, I have used scripting languages like Python for typical uses, but they tend to not fare very well at system programming; for close interfacing with the operating system, I'm often forced to use a language like C. This is undesirable to me. I do not think this has to be the case; I see no reason why a scripting language can't implement more of the system call API, at the risk of having some OS-dependent modules. I would actually like to see more network servers written in scripting languages, as they neatly avoid buffer overflow and integer overflow issues with no extra effort.

One BIG roadblock to doing this is when they can't manage to drop permissions properly. I am suggesting that the setresuid function be added to Python, perhaps in the OS module, because it has the clearest semantics for manipulating user ids. The reason why is best described in the following paper:

http://www.eecs.berkeley.edu/~daw/papers/setuid-usenix02.pdf

One argument against this is that it is not specified by POSIX, and thus might be dismissed as "implementation dependent". However, as the paper above demonstrates, even though the setuid system call is defined by POSIX, it already has system-dependent behavior. POSIX provides for at least two different behaviors of the setuid call, and even more if you consider that it leaves what constitutes "appropriate privileges" up to the OS kernel.

I humbly propose that Python implement all the routines necessary to securely drop privileges, to enable construction of network daemons that might need to drop privileges from root to some non-root userid (e.g. mail transfer agents, or POP/IMAP servers). Furthermore, where there are multiple system calls to achieve this effect, it should implement the ones with the clearest semantics, and setresuid fits that bill.

To see what an utter mess the uid-manipulation routines are in, I refer you once again to this paper, as the situation is too complicated to describe in this email:

http://www.eecs.berkeley.edu/~daw/papers/setuid-usenix02.pdf

Opinions?

Best,
Travis

--
Obama Nation | My emails do not have attachments; it's a digital signature that your mail program doesn't understand.
| http://www.subspacefield.org/~travis/ If you are a spammer, please email j...@subspacefield.org to get blacklisted.
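
The permanent drop from root that the message above asks for, as an added example that is not part of the original post. It uses `os.setresuid`, `os.setresgid` and their `get` counterparts as current Python exposes them on platforms that provide these calls; the helper names `residual_ids` and `drop_privileges` are hypothetical and the ID triple in the demo is constructed.

```python
import os

ROLES = ("real", "effective", "saved")

def residual_ids(kind, current, target):
    """Name each ID of a (real, effective, saved) triple that is not target."""
    return [f"{role} {kind}" for role, cur in zip(ROLES, current) if cur != target]

def drop_privileges(uid, gid):
    """Permanently switch to uid/gid, then verify nothing was left behind."""
    if os.geteuid() == 0:
        # Supplementary groups can only be reset while still privileged.
        os.setgroups([gid])
    # Groups before users: once the UIDs are gone, the process may no
    # longer be allowed to change its GIDs.
    os.setresgid(gid, gid, gid)
    os.setresuid(uid, uid, uid)

    # Read all three IDs back instead of trusting the calls.
    left = (residual_ids("uid", os.getresuid(), uid)
            + residual_ids("gid", os.getresgid(), gid))
    if left:
        raise RuntimeError("not dropped: " + ", ".join(left))

    # A complete drop means uid 0 cannot be regained.
    if uid != 0:
        try:
            os.setresuid(0, 0, 0)
        except PermissionError:
            pass
        else:
            raise RuntimeError("process was able to regain uid 0")

if __name__ == "__main__":
    # Constructed triple: real and effective uid are 1000, saved uid is
    # still 0, so the process could switch back to root.
    print(residual_ids("uid", (1000, 1000, 0), 1000))
    # IDs of the current process, checked against its effective uid.
    print(residual_ids("uid", os.getresuid(), os.geteuid()))
```

A daemon would call `drop_privileges` once, after binding its privileged port and before reading any network input.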