Dailydave mailing list archives

secure priv-dropping code in python


From: travis+ml-dailydave () subspacefield org
Date: Mon, 8 Feb 2010 16:13:22 -0800

Hey I wrote this code to safely and portably* drop permissions in
python a while back and just realized that people here might be
interested:

http://www.subspacefield.org/~travis/python/privilege/

[*] Caveat; OS-portable, not sure if it's portable between 32 and 64
    bit arches yet.  Need to think about (& test) Python c_uint size
    vs sizeof(uid_t) on 64 bit arches.

Implements design from these papers:
http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf
http://www.cs.berkeley.edu/~daw/papers/setuid-login08b.pdf

I also submitted a patch to python that implements setres[ug]id natively,
rather than having to load libc like I do in the code above.  Not sure
what its status is, but general response was good.
-- 
In God We Trust; From Everyone Else, We Need Source Code.
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/ 
If you are a spammer, please email john () subspacefield org to get blacklisted.
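
As an added illustration (not the code at the URL above and not the author's), here is a permanent drop built on the setres[ug]id calls the message mentions, using Python's own os.setresuid/os.setresgid (available on Unix since Python 3.2) rather than libc loaded through ctypes. The function name, the PrivilegeDropError class and the osmod parameter are assumptions of this example; it reads the IDs back after the change and confirms the old effective UID cannot be regained.

```python
import os


class PrivilegeDropError(Exception):
    """The process still holds (or can regain) an identity it should have shed."""


def drop_privileges_permanently(uid, gid, groups=(), osmod=os):
    """Set real, effective and saved IDs to uid/gid, then verify the result.

    osmod is an assumed injection point (default: the os module) so the
    ordering and the checks can be exercised without being root.
    """
    old_euid = osmod.getresuid()[1]

    # Order matters: supplementary groups and GIDs can only be changed while
    # the process is still privileged, so the UID is dropped last.
    osmod.setgroups(list(groups))
    osmod.setresgid(gid, gid, gid)
    osmod.setresuid(uid, uid, uid)

    # Read everything back instead of trusting the calls to have worked.
    if tuple(osmod.getresuid()) != (uid, uid, uid):
        raise PrivilegeDropError("uid not fully dropped: %r" % (osmod.getresuid(),))
    if tuple(osmod.getresgid()) != (gid, gid, gid):
        raise PrivilegeDropError("gid not fully dropped: %r" % (osmod.getresgid(),))
    # Some platforms report the effective GID in getgroups(), so allow it.
    extra = set(osmod.getgroups()) - set(groups) - {gid}
    if extra:
        raise PrivilegeDropError("unexpected groups remain: %r" % sorted(extra))

    # A permanent drop must not be reversible: regaining the old euid has to fail.
    if old_euid != uid:
        try:
            osmod.seteuid(old_euid)
        except OSError:
            pass  # expected: the old identity is gone
        else:
            raise PrivilegeDropError("regained euid %d after drop" % old_euid)
    return osmod.getresuid(), osmod.getresgid()


if __name__ == "__main__" and os.geteuid() == 0:
    # 65534 is an assumed "nobody" UID/GID; look up the right account on your system.
    print(drop_privileges_permanently(65534, 65534))
```
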
