Author solinym
Recipients solinym
Date 2009-08-21.18:49:34
SpamBayes Score 9.55726e-06
Marked as misclassified No
Message-id <1250880577.62.0.941118593261.issue6758@psf.upfronthosting.co.za>
In-reply-to
Content
It should be easier to write network servers and setuid programs in
python.  One of the troublesome issues is that the semantics of the
setuid/getuid-related calls are quite complicated.

There are two papers on this subject that form the background of this
feature request:
http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf
http://www.cs.berkeley.edu/~daw/papers/setuid-login08b.pdf

In general, then, the end goal is a safe (portable, secure) way to drop
privileges either temporarily or permanently.

Wagner et. al. have proposed a decent interface, but it's unclear to me
where it should be implemented.

Furthermore, it makes use of the getresuid/setresuid calls (among many
others), which don't appear from their manpages to be standardized by
POSIX, but are available in most modern Unix OSes.  So this leaves me
with two questions; have these functions been standardized, and if not,
where should they be implemented?

I'm willing to do the coding, but need some guidance on where to put the
code.
History
Date User Action Args
2009-08-21 18:49:37solinymsetrecipients: + solinym
2009-08-21 18:49:37solinymsetmessageid: <1250880577.62.0.941118593261.issue6758@psf.upfronthosting.co.za>
2009-08-21 18:49:36solinymlinkissue6758 messages
2009-08-21 18:49:35solinymcreate