[issue6485] is_finished not exported by zlib

2009-07-14 Thread Travis H.

New submission from Travis H. :

The zlib C library has the capability to indicate the end of a
compressed stream by returning a Z_STREAM_END from a call to inflate.

This allows uncompressed data to follow some compressed data.  It is
necessary to know when the end of the compressed stream has been reached
so that one can query the "unused_data" attribute.

However, there is no way for python to know that the end of a compressed
stream has been reached.

I will shortly be submitting a small patch that creates a python integer
attribute called "is_finished" which evaluates to 1 when the end of a
compressed stream has been reached.

--
components: Extension Modules
messages: 90521
nosy: solinym
severity: normal
status: open
title: is_finished not exported by zlib
versions: Python 2.6

___
Python tracker 
<http://bugs.python.org/issue6485>
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue6508] expose setresuid

2009-07-17 Thread Travis H.

New submission from Travis H. :

Python should expose setresuid in the same module that exposes setuid.

The reason why is complicated, but is best explained here:

http://www.eecs.berkeley.edu/~daw/papers/setuid-usenix02.pdf

I might work on a patch to implement this.

--
components: Extension Modules
messages: 90642
nosy: solinym
severity: normal
status: open
title: expose setresuid
versions: Python 3.2

___
Python tracker 
<http://bugs.python.org/issue6508>
___



[issue6508] expose setresuid

2009-07-17 Thread Travis H.

Travis H.  added the comment:

should also expose setresgid for same reason.

Paper also defines a higher-level API in section 8.2.1 that would
probably be worth implementing.

--




[issue5210] zlib does not indicate end of compressed stream properly

2009-07-22 Thread Travis H.

Travis H.  added the comment:

What kind of tests did you have in mind?

Unit tests in python, or something else?

--
nosy: +solinym

___
Python tracker 
<http://bugs.python.org/issue5210>
___




[issue5210] zlib does not indicate end of compressed stream properly

2009-08-19 Thread Travis H.

Travis H.  added the comment:

Attaching unit test diff

Output of "diff -u test_zlib.py~ test_zlib.py"

--
Added file: http://bugs.python.org/file14745/zlib_finished_test.txt




[issue5210] zlib does not indicate end of compressed stream properly

2009-08-21 Thread Travis H.

Travis H.  added the comment:

zlibmodule.c.diff Implements all the suggested features, but I'm not
exactly sure whether it handles reference counts properly.

--
Added file: http://bugs.python.org/file14762/zlibmodule.c.diff




[issue5210] zlib does not indicate end of compressed stream properly

2009-08-21 Thread Travis H.

Travis H.  added the comment:

Diff to tests

Implements all suggested changes save one:

I wasn't sure how to test that is_finished is clear one byte before the
end of the compressed section.  Instead, I test that it is clear before
I call the compression routine.

--
Added file: http://bugs.python.org/file14763/test_zlib.py.diff
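
The end-of-stream check discussed in issue6485 and in the message above, as an added example that is not the attached patch or test diff. It relies on the `eof` attribute of decompression objects in current Python (3.3 and later) rather than the proposed `is_finished`; `split_stream` and `chunked` are hypothetical helper names and the sample data is constructed.

```python
import zlib


def split_stream(chunks):
    """Inflate a zlib stream that may be followed by uncompressed bytes.

    Returns (payload, trailer). Raises ValueError when the input ends before
    zlib reports Z_STREAM_END, i.e. the compressed stream was truncated.
    """
    d = zlib.decompressobj()
    payload = bytearray()
    trailer = bytearray()
    for chunk in chunks:
        if d.eof:
            # The stream already ended: later chunks are trailing data only.
            trailer += chunk
            continue
        payload += d.decompress(chunk)
        if d.eof:
            # Bytes of this chunk past the end of the compressed stream.
            trailer += d.unused_data
    if not d.eof:
        # Without this check a truncated stream looks like a short, valid one.
        raise ValueError("compressed stream truncated before Z_STREAM_END")
    return bytes(payload), bytes(trailer)


def chunked(data, size):
    """Split data into size-byte pieces to imitate network reads."""
    return [data[i:i + size] for i in range(0, len(data), size)]


if __name__ == "__main__":
    # Constructed sample: a zlib stream followed by uncompressed bytes.
    stream = zlib.compress(b"compressed part " * 8)
    print(split_stream(chunked(stream + b"RAW-TRAILER", 7)))
    try:
        split_stream(chunked(stream[:-1], 7))
    except ValueError as exc:
        print("rejected:", exc)
```
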




[issue6758] implement new setuid-related calls and a standard way to drop all privileges

2009-08-21 Thread Travis H.

New submission from Travis H. :

It should be easier to write network servers and setuid programs in
python.  One of the troublesome issues is that the semantics of the
setuid/getuid-related calls are quite complicated.

There are two papers on this subject that form the background of this
feature request:
http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf
http://www.cs.berkeley.edu/~daw/papers/setuid-login08b.pdf

In general, then, the end goal is a safe (portable, secure) way to drop
privileges either temporarily or permanently.

Wagner et al. have proposed a decent interface, but it's unclear to me
where it should be implemented.

Furthermore, it makes use of the getresuid/setresuid calls (among many
others), which don't appear from their manpages to be standardized by
POSIX, but are available in most modern Unix OSes.  So this leaves me
with two questions; have these functions been standardized, and if not,
where should they be implemented?

I'm willing to do the coding, but need some guidance on where to put the
code.

--
messages: 91835
nosy: solinym
severity: normal
status: open
title: implement new setuid-related calls and a standard way to drop all 
privileges
type: feature request
versions: Python 2.7, Python 3.2

___
Python tracker 
<http://bugs.python.org/issue6758>
___



[issue6758] implement new setuid-related calls and a standard way to drop all privileges

2009-08-21 Thread Travis H.

Travis H.  added the comment:

The posixmodule.c seems to have a lot of really complex CPP logic about
what chunks to compile.  If the target is to put the code there, I would
have to be guessing - next to the HAVE_GETEUID looks promising.

But wouldn't it be better to have the configure script check for the
presence of e.g. getresuid and compile it iff it finds it?  So that
sounds like some work with the autoconf script...

--




[issue6758] implement new setuid-related calls and a standard way to drop all privileges

2009-08-21 Thread Travis H.

Travis H.  added the comment:

The routines necessary for implementing Wagner's API for dropping
privileges are:

sysconf function: available in os module
_SC_NGROUPS_MAX constant: unsure
abort function: available in os module
getresuid function: needs implementing[1]
getresgid function: needs implementing[1]

[1] Not POSIX but available on Linux, HP/UX, FreeBSD, OpenBSD,
DragonFlyBSD.  Not available on Solaris, AIX, NetBSD, OSX, cygwin.

Since Wagner points out that the non-standard function calls actually
have clearer/better semantics, perhaps the way to do all this is in its
own module, instead of trying to shove it into an existing module..

--




[issue5210] zlib does not indicate end of compressed stream properly

2009-08-21 Thread Travis H.

Travis H.  added the comment:

Figured out how to test is_finished attribute of the zlib module properly.

--
Added file: http://bugs.python.org/file14764/test_zlib.py.diff




[issue6758] implement new setuid-related calls and a standard way to drop all privileges

2009-08-21 Thread Travis H.

Travis H.  added the comment:

This is my first stab at creating a "privilege" module that implements
the API suggested in the second aforementioned paper.

It is syntactically correct but has some TODO items in it that must be
completed before it will work.

Any suggestions on this code would be greatly appreciated.

--
Added file: http://bugs.python.org/file14766/privilege.py




[issue6758] implement new setuid-related calls and a standard way to drop all privileges

2009-08-21 Thread Travis H.

Travis H.  added the comment:

On Fri, Aug 21, 2009 at 08:42:43PM +, Martin v. Löwis wrote:
> 
> Martin v. Löwis  added the comment:
> 
> > It would still be nice to have the currently unimplemented platform
> > wrappers added to the standard library, though.  For example, as solinym
> > pointed out, getresuid and getresgid are not currently wrapped at all. 
> > There may be other low-level APIs which may be missing as well.
> 
> Ah, ok. A patch to add these specifically would be easy to add;
> contributions are welcome.

I kind of have two bugs going for the same thing; one is 6758 the other is 6508.

I've posted code that implements the calls using ctypes to
{get,set}res{uid,gid} in issue6758.  It's not quite done.

With regard to putting these calls into the standard library, I'm not
sure where they should go.  If I put them in os, which maps to
posixmodule.c, then I'll be adding non-POSIX calls to something
seemingly only for POSIX calls.

Also the code in there has a lot of conditional CPP logic and
interactions with the configure script.  So that could be a difficult
task to just jump into, since it has been a while since I dealt with
autoconf.

I really would like these routines exposed, but I don't know the best
way to do it and could use some guidance.
-- 
Obama Nation | My emails do not have attachments; it's a digital signature
that your mail program doesn't understand. | 
http://www.subspacefield.org/~travis/ 
If you are a spammer, please email j...@subspacefield.org to get blacklisted.

--
title: implement new setuid-related calls and a standard way to drop all 
privileges -> implement new setuid-related calls and a standard way to drop all 
privileges




[issue6508] expose setresuid

2009-08-21 Thread Travis H.

Travis H.  added the comment:

Where would be the best place to put these non-POSIX calls?

I looked at posixmodule.c and it's a mess; much conditional CPP logic
governing what gets compiled, not clear where I should add something
like this there - if I should at all, since these routines are not POSIX
routines.

Perhaps there should be a module called Unix or something?

Also, knowing whether the functions were available at compile time would
be tricky; some Unix OSes have them and others don't.  It sounds like a
job for autoconf to define HAVE_SETRESUID and other CPP definitions like
that so we can compile cleanly and portably...

Thoughts?

--




[issue6508] expose setresuid

2009-09-16 Thread Travis H.

Travis H.  added the comment:

I have coded up a first draft at implementing {get,set}res{gid,uid}
functions.  This completes the exposure of the user and group setting
functions, and enables python programmers to be able to safely drop
privileges, for example when running network daemons as root that need
to drop down to user privileges, or writing a setuid program which needs
to do the same.

I cannot test this in my current environment because I'm stuck with Red
Hat and it does not have a recent enough automake to re-create configure
from configure.in.

--
versions: +Python 2.6 -Python 3.2
Added file: http://bugs.python.org/file14903/foo.txt




[issue6508] expose setresuid

2009-09-17 Thread Travis H.

Travis H.  added the comment:

Simplified if/else chaining

Uploading here before testing on new machine (m4 was too old on previous
machine)

--
Added file: http://bugs.python.org/file14918/foo.txt




[issue6508] expose setresuid

2009-09-17 Thread Travis H.

Travis H.  added the comment:

I applied the same patch to Python 2.6.2 and believe that I got the
tab/space situation worked out so that it's consistent with the rest of
posixmodule.c

I also executed autoconf to convert configure.in to configure, and
judging by the config.log, it is testing for and finding setresuid and
friends.  It is also defining HAVE_SETRESUID to 1 as expected.  However,
when I execute this python and import os (or posix), it says that module
doesn't have the setresuid attribute.

I ran "strings" on libpython2.6a and found that it has the strings
"setuid" and "setreuid" as expected, but not my "setresuid".

Does anyone have any idea why this might be?  I'm trying hard to get
this into python but I'm not an expert on how the build works.

--
keywords: +patch
Added file: http://bugs.python.org/file14919/setresuid.patch




[issue6508] expose setresuid

2009-09-18 Thread Travis H.

Travis H.  added the comment:

This patch fixes a number of typos in the original and, to my knowledge,
is now complete.

I have tested this manually and confirmed that it works.  I would start
as root, setresuid/gid to some non-root uid/gids, getresuid/gid to test
those functions, and follow it up with os.system("id") to check using an
outside utility.

--
Added file: http://bugs.python.org/file14923/res.patch
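
The set-then-read-back check described in the message above, written as a permanent privilege drop; this is an added example, not the attached res.patch or the earlier privilege.py. It uses the `os.setresuid`, `os.setresgid`, `os.getresuid` and `os.getresgid` wrappers that current Python exposes on platforms providing these calls; `drop_privileges_permanently` is a hypothetical name.

```python
import os


def drop_privileges_permanently(uid, gid):
    """Set real, effective and saved IDs to (uid, gid) and verify the result.

    Order matters: supplementary groups and group IDs are changed while the
    process still has the privilege to change them; the user ID goes last.
    """
    if os.geteuid() == 0 and uid != 0:
        # Leaving root: shed root's supplementary groups first, since only
        # a privileged process may call setgroups().
        os.setgroups([gid])
    os.setresgid(gid, gid, gid)
    os.setresuid(uid, uid, uid)

    # Read all three IDs back instead of trusting the calls alone.
    if os.getresuid() != (uid, uid, uid) or os.getresgid() != (gid, gid, gid):
        os.abort()  # fail closed rather than continue with unexpected IDs

    if uid != 0:
        # A permanent drop leaves no saved ID to switch back to, so an
        # attempt to regain root has to be refused by the kernel.
        try:
            os.setresuid(0, 0, 0)
        except PermissionError:
            pass
        else:
            os.abort()
    return os.getresuid(), os.getresgid()


if __name__ == "__main__":
    # Assumption for this demo: the target is the invoking user's own IDs,
    # so it also runs unprivileged. A daemon started as root would pass the
    # IDs of its service account instead.
    print(drop_privileges_permanently(os.getuid(), os.getgid()))
```
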




[issue6508] expose setresuid

2009-09-18 Thread Travis H.

Travis H.  added the comment:

On Fri, Sep 18, 2009 at 07:44:56AM +, Martin v. Löwis wrote:
> 
> Your patch looks good (except that in getresuid, you seem to be missing 
> return). I have no clue why it doesn't work; I'll see whether I can try it 
> out on Linux within the next few weeks.

I am testing it out now on a more up-to-date machine.

> The one puzzling detail is that you don't include a patch to 
> pyconfig.h.in: did you run autoheader?

No, I did not - it has been a long time since I was familiar with
autotools - and that was why there was no access to these functions
when I compiled before.

I've now got a complete, tested patch up on bugs.python.org
-- 
Obama Nation | My emails do not have attachments; it's a digital signature
that your mail program doesn't understand. | 
http://www.subspacefield.org/~travis/ 
If you are a spammer, please email j...@subspacefield.org to get blacklisted.

--
