Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!news.mixmin.net!rt.uk.eu.org!newsfeed.xs4all.nl!newsfeed3.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.015 X-Spam-Evidence: '*H*': 0.97; '*S*': 0.00; 'warnings': 0.04; 'subject:Python': 0.06; 'attack.': 0.09; 'bug.': 0.09; 'sure,': 0.09; 'cc:addr:python-list': 0.11; '4gb': 0.16; 'boundary,': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'pathological': 0.16; 'subject:bit': 0.16; 'fix': 0.17; 'wrote:': 0.18; 'normally': 0.19; 'saying': 0.22; 'cc:addr:python.org': 0.22; 'looks': 0.24; 'cc:2**0': 0.24; '15,': 0.26; 'header:In- Reply-To:1': 0.27; "doesn't": 0.30; 'dos': 0.30; 'message- id:@mail.gmail.com': 0.30; "i'm": 0.30; 'work.': 0.31; 'code': 0.31; '(although': 0.31; 'concern': 0.31; 'quite': 0.32; 'cases': 0.33; 'subject:the': 0.34; 'could': 0.34; 'something': 0.35; 'form.': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'useful': 0.36; 'possible': 0.36; 'turn': 0.37; 'massive': 0.38; 'richard': 0.38; 'fact': 0.38; 'pm,': 0.38; 'moving': 0.39; 'enough': 0.39; 'how': 0.40; 'even': 0.60; 'easy': 0.60; 'happen': 0.63; 'more': 0.64; 'obvious': 0.74; '*and*': 0.84; 'forward.': 0.84; 'imagination': 0.84; 'to:none': 0.92 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:cc :content-type:content-transfer-encoding; bh=j85TJvjaKrbqAcnEUQnZfB7kRFJJVmMs6oJRsoSyoMo=; b=kqOAHx4Ak40u2jwoDXm9wBFGPdlbcItE3ep92TWHeUNqsZBlrwUTnyCinhsKUfG1Id flxMHhP1t+soK3axXFOd0Q511+QHex1nOV3Ljx+MZoTxsg6SRoYzrXpM3lH8nl2F5hWt W5Gqsk3NkUHieC4qL+EX9bO0HfGMKNV9ejkOBHznjWxXy2K/ys2u2WCf+E9bcXvd1BA+ D0PJncLGPE41o6ba/fdBtZTqqFx9me5W4ydF6ZEJ3BrKFSU6JTxXHxdNEzhXGq+31hQg 5EvDnevo9W2MRMxKC8iD7r6XSFuWvHKRJ2mIjhzKnrVP1RB4y8aXj052yNbr7Gx4GPgy SG+g== MIME-Version: 1.0 X-Received: by 10.52.78.231 with SMTP id e7mr417794vdx.28.1397554546235; Tue, 15 Apr 2014 02:35:46 -0700 (PDT) In-Reply-To: References: Date: Tue, 15 Apr 2014 19:35:46 +1000 Subject: Re: Python, Linux, and the setuid bit From: Chris Angelico Cc: "python-list@python.org" Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 20 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1397554549 news.xs4all.nl 2963 [2001:888:2000:d::a6]:60225 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:70265 On Tue, Apr 15, 2014 at 7:28 PM, Richard Kettlewell w= rote: > This program is on a security boundary, the pathological cases are > precisely the ones the attacker looks for. > > (It=E2=80=99s hard to see how an attacker could turn this into a useful a= ttack. > But perhaps the attacker has more imagination than me.) Quite frankly, I don't even care :) It's easy enough to fix the bug. The idiomatic code will compile without warnings *and* be secure, so I'm not seeing any reason to use the existing form. All I'm saying is that it's normally going to happen to work; sure, an attacker might well be able to get into something (although if you can generate 4GB of environment, the fact that it doesn't get zeroed is likely to be less of a concern than the massive DOS potential of a huge env!!), but casual usage will have it seeming to work. The obvious solution is right in every possible way, so that's the thing to do moving forward. ChrisA