1

Prerequisites:

  • python2.6
  • GNU Linux

I have some questions regarding the 'subprocess.call' behavior and securing http server.

The following code examples differ in not using/using shell:

1

sudo python -c "from subprocess import call; from os import setreuid, setregid; setreuid(1000,0); setregid(1000,0); call(['touch','./aaa'])"

produces a file owned by 'root'.

2

sudo python -c "from subprocess import call; from os import setreuid, setregid; setreuid(1000,0); setregid(1000,0); call('touch ./aaa', shell=True)"

produces a file owned by user 1000.

Questions:

What is the reason to produce a file owned by effective user in the first case and real user in the second case?

Is there a way in python2.6 (no 'setresuid') to temporarily (and safely) change user within a python code?

Is it safe to use privileged effective user for temporal real user changes to raise/lower privileges?

Community
  • 1
  • 1
Radoslaw Garbacz
  • 189
  • 1
  • 8

2 Answers2

1

This can happen when your /bin/sh is bash, as bash sets the effective user id to the real user id, unless the -p option is given at startup.

This is described in the documentation:

If Bash is started with the effective user (group) id not equal to the real user (group) id, and the -p option is not supplied, no startup files are read, shell functions are not inherited from the environment, the SHELLOPTS, BASHOPTS, CDPATH, and GLOBIGNORE variables, if they appear in the environment, are ignored, and the effective user id is set to the real user id. If the -p option is supplied at invocation, the startup behavior is the same, but the effective user id is not reset.

mata
  • 67,110
  • 10
  • 163
  • 162
0

You could use sudo:

sudo python -c "from subprocess import call; call('sudo -u unprivileged_user touch ./aaa', shell=True)"
Lyndsy Simon
  • 5,208
  • 1
  • 17
  • 21