Why don't you write a python extension module? This is a perfect opportunity for that.
-- mahmoud mack abdelkader
http://blog.mahmoudimus.com/

On Fri, Jul 17, 2009 at 4:01 PM, <travis+ml-pyt...@subspacefield.org> wrote:

> Hello,
>
> Historically, I have used scripting languages like python for typical
> uses, but they tend to not fare very well at system programming; for
> close interfacing with the operating system, I'm often forced to use a
> language like C. This is undesirable to me.
>
> I do not think this has to be the case; I see no reason why a
> scripting language can't implement more of the system call API, at the
> risk of having some OS-dependent modules. I would actually like to
> see more network servers written in scripting languages, as they
> neatly avoid buffer overflow and integer overflow issues with no extra
> effort.
>
> One BIG roadblock to doing this is when they can't manage to drop
> permissions properly.
>
> I am suggesting that the setresuid function be added to python,
> perhaps in the OS module, because it has the clearest semantics for
> manipulating user ids. The reason why is best described in the
> following paper:
>
> http://www.eecs.berkeley.edu/~daw/papers/setuid-usenix02.pdf
>
> One argument against this is that it is not specified by POSIX, and
> thus might be dismissed as "implementation dependent".
>
> However, as the paper above demonstrates, even though the setuid
> system call is defined by POSIX, it already has system-dependent
> behavior. POSIX provides for at least two different behaviors of the
> setuid call, and even more if you consider that it leaves what
> constitutes "appropriate privileges" up to the OS kernel.
>
> I humbly propose that python implement all the routines necessary to
> securely drop privileges, to enable construction of network daemons
> that might need to drop privileges from root to some non-root userid
> (e.g. mail transfer agents, or POP/IMAP servers).
>
> Furthermore, where there are multiple system calls to achieve this
> effect, it should implement the ones with the clearest semantics, and
> setresuid fits that bill. To see what an utter mess the uid-manipulation
> routines are in, I refer you once again to this paper, as the situation
> is too complicated to describe in this email:
>
> http://www.eecs.berkeley.edu/~daw/papers/setuid-usenix02.pdf
>
> Opinions?
>
> Best,
> Travis
> --
> Obama Nation | My emails do not have attachments; it's a digital signature
> that your mail program doesn't understand. |
> http://www.subspacefield.org/~travis/
> If you are a spammer, please email j...@subspacefield.org to get
> blacklisted.
>
> --
> http://mail.python.org/mailman/listinfo/python-list
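
Added example (not part of either message, and not code from the Python project): the permanent privilege drop the quoted proposal asks for, written with os.setresuid and os.setresgid, which the os module has provided since Python 3.2 on platforms that have the call. The function names, the PrivilegeDropError class and the uid/gid 1000 sample values are assumptions made for illustration.

```python
import os

class PrivilegeDropError(RuntimeError):
    """Raised when the process may still hold, or can regain, privilege."""

def check_dropped(resuid, resgid, groups, uid, gid):
    """Return a list of problems; an empty list means real, effective and
    saved IDs all equal the target and no other supplementary group remains."""
    problems = []
    for label, got, want in (("uid", resuid, uid), ("gid", resgid, gid)):
        for kind, value in zip(("real", "effective", "saved"), got):
            if value != want:
                problems.append(f"{kind} {label} is {value}, expected {want}")
    extra = sorted(set(groups) - {gid})
    if extra:
        problems.append(f"supplementary groups still held: {extra}")
    return problems

def drop_privileges(uid, gid):
    """Permanently switch a root process to uid/gid (both must be non-root)."""
    if uid == 0 or gid == 0:
        raise ValueError("target uid and gid must be non-zero")
    # Order matters: groups and gids need privilege, so set them while
    # still root; setresuid goes last because it gives that privilege up.
    os.setgroups([gid])
    os.setresgid(gid, gid, gid)
    os.setresuid(uid, uid, uid)
    problems = check_dropped(os.getresuid(), os.getresgid(),
                             os.getgroups(), uid, gid)
    if problems:
        raise PrivilegeDropError("; ".join(problems))
    # Final check: an attempt to become root again must be refused.
    try:
        os.setresuid(0, 0, 0)
    except PermissionError:
        return
    raise PrivilegeDropError("process was able to regain uid 0")

if __name__ == "__main__":
    # Constructed sample: a process that lowered only its effective uid
    # still has root as its real and saved uid.
    for line in check_dropped((0, 1000, 0), (1000, 1000, 1000), [1000],
                              1000, 1000):
        print(line)
```

A daemon would call drop_privileges() once, after binding its privileged port and before reading any network input.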