Dec-14-2019, 12:25 AM
i have a few scripts, all in Python3, that i want to be able to run with root effective uid permissions.
i am still pondering how to go about doing this. my current thinking is to use a C program to verify user rights and run the actual script with root euid enabled if appropriate. of absolute importance is not to open a means for any user to be able to run unauthorized scripts/programs of their choice or their ways with any form of escalated privilege. that C program would be where root privilege is acquired. it would then consult a configuration file to verify that the user is permitted to do what is requested. i am wondering if it is safe for that C program to just run a Python3 script to do the verification logic. normally, making a script euid root is unsafe since the hash-bang method with an interpreter is unsafe since it is possible to substitute the script name an escalated interpreter gets. if a C program has a hard-coded path for the interpreter and script, then it is up to the C program to do it right. that much is simple to do. so my next question is: how safe is it to run the correct Python script via the correct interpreter, with euid root privileges?
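One way the wrapper described in the post could be laid out, as an added example that is not part of the original post: the authorization check is done in C against a root-owned config, and the interpreter is started with a fixed argv, an empty-then-rebuilt environment and Python's `-I` (isolated) mode so that `PYTHONPATH`, `PYTHONSTARTUP`, the user site directory and the script's directory cannot influence what gets imported. The paths, the `user:action` config format and the name `rule_allows` are assumptions made for illustration.

```c
/* Added example: setuid-root wrapper sketch. Paths and config format are assumptions. */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define INTERP "/usr/bin/python3"                  /* assumed interpreter path */
#define SCRIPT "/usr/local/libexec/admin-task.py"  /* hypothetical root-owned script */
#define CONFIG "/etc/runroot.conf"                 /* hypothetical, one "user:action" per line */

/* Return 1 only if an exact "user:action" line exists in the config text. */
int rule_allows(const char *conf, const char *user, const char *action)
{
    char want[256];
    int n = snprintf(want, sizeof want, "%s:%s", user, action);
    if (n < 0 || (size_t)n >= sizeof want) return 0;        /* too long: deny */
    if (strchr(user, ':') || strchr(want, '\n')) return 0;  /* ambiguous or multi-line: deny */
    for (const char *p = conf; *p; ) {
        size_t len = strcspn(p, "\n");
        if (len == (size_t)n && memcmp(p, want, len) == 0) return 1;  /* whole-line match only */
        p += len;
        if (*p == '\n') p++;
    }
    return 0;
}

int main(int argc, char **argv)
{
    static char conf[4096];
    struct passwd *pw = getpwuid(getuid());   /* real uid identifies the invoking user */
    FILE *f = fopen(CONFIG, "r");
    if (argc != 2 || !pw || !f) return 1;
    size_t got = fread(conf, 1, sizeof conf - 1, f);
    conf[got] = '\0';
    fclose(f);
    if (got == sizeof conf - 1) return 1;     /* possibly truncated: deny rather than guess */
    if (!rule_allows(conf, pw->pw_name, argv[1])) return 1;

    /* Fixed argv and a rebuilt environment: nothing from the caller's environment
       (PYTHONPATH, PYTHONSTARTUP, LD_*, PATH) reaches the interpreter. */
    char *args[] = { INTERP, "-I", SCRIPT, argv[1], NULL };
    char *envp[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };
    execve(INTERP, args, envp);
    return 127;                               /* only reached if execve failed */
}
```

The script, the interpreter, the config file and every directory above them need to be writable by root only, and the script still has to treat its one argument as untrusted input.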