Dailydave mailing list archives
secure priv-dropping code in python
From: travis+ml-dailydave () subspacefield org
Date: Mon, 8 Feb 2010 16:13:22 -0800
Hey I wrote this code to safely and portably* drop permissions in python a while back and just realized that people here might be interested: http://www.subspacefield.org/~travis/python/privilege/ [*] Caveat; OS-portable, not sure if it's portable between 32 and 64 bit arches yet. Need to think about (& test) Python c_uint size vs sizeof(uid_t) on 64 bit arches. Implements design from these papers: http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf http://www.cs.berkeley.edu/~daw/papers/setuid-login08b.pdf I also submitted a patch to python that implements setres[ug]id natively, rather than having to load libc like I do in the code above. Not sure what its status is, but general response was good. -- In God We Trust; From Everyone Else, We Need Source Code. My emails do not have attachments; it's a digital signature that your mail program doesn't understand. | http://www.subspacefield.org/~travis/ If you are a spammer, please email john () subspacefield org to get blacklisted.
Attachment:
_bin
Description:
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- secure priv-dropping code in python travis+ml-dailydave (Feb 09)