Travis H. added the comment:
On Fri, Sep 18, 2009 at 07:44:56AM +, Martin v. L??wis wrote:
>
> Your patch looks good (except that in getresuid, you seem to be missing
> return). I have no clue why it doesn't work; I'll see whether I can try it
> out on Linux within
Travis H. added the comment:
This patch fixes a number of typos in the original and, to my knowledge,
is now complete.
I have tested this manually and confirmed that it works. I would start
as root, setresuid/gid to some non-root uid/gids, getresuid/gid to test
those functions, and follow it
Travis H. added the comment:
I applied the same patch to Python 2.6.2 and believe that I got the
tab/space situation worked out so that it's consistent with the rest of
posixmodule.c
I also executed autoconf to convert configure.in to configure, and
judging by the config.log, it is testin
Travis H. added the comment:
Simplified if/else chaining
Uploading here before testing on new machine (m4 was too old on previous
machine)
--
Added file: http://bugs.python.org/file14918/foo.txt
___
Python tracker
<http://bugs.python.org/issue6
Travis H. added the comment:
I have coded up a first draft at implemented {get,set}res{gid,uid}
functions. This completes the exposure of the user and group setting
functions, and enables python programmers to be able to safely drop
privileges, for example when running network daemons as root
Travis H. added the comment:
Where would be the best place to put these non-POSIX calls?
I looked at posixmodule.c and it's a mess; much conditional CPP logic
governing what gets compiled, not clear where I should add something
like this there - if I should at all, since these routines ar
Travis H. added the comment:
On Fri, Aug 21, 2009 at 08:42:43PM +, Martin v. L??wis wrote:
>
> Martin v. L??wis added the comment:
>
> > It would still be nice to have the currently unimplemented platform
> > wrappers added to the standard library, though. Fo
Travis H. added the comment:
This is my first stab at creating a "privilege" module that implements
the API suggested in the second aforementioned paper.
It is syntactically correct but has some TODO items in it that must be
completed before it will work.
Any suggestions on this cod
Travis H. added the comment:
Figured out how to test is_finished attribute of the zlib module properly.
--
Added file: http://bugs.python.org/file14764/test_zlib.py.diff
___
Python tracker
<http://bugs.python.org/issue5
Travis H. added the comment:
The routines necessary for implementing Wagner's API for dropping
privileges are:
sysconf function: available in os module
_SC_NGROUPS_MAX constant: unsure
abort function: available in os module
getresuid function: needs implementing[1]
getresgid function:
Travis H. added the comment:
The posixmodule.c seems to have a lot of really complex CPP logic about
what chunks to compile. If the target is to put the code there, I would
have to be guessing - next to the HAVE_GETEUID looks promising.
But wouldn't it be better to have the configure s
New submission from Travis H. :
It should be easier to write network servers and setuid programs in
python. One of the troublesome issues is that the semantics of the
setuid/getuid-related calls are quite complicated.
There are two papers on this subject that form the background of this
Travis H. added the comment:
Diff to tests
Implements all suggested changes save one:
I wasn't sure how to test that is_finished is clear one byte before the
end of the compressed section. Instead, I test that it is clear before
I call the compression routine.
--
Added file:
Travis H. added the comment:
zlibmodule.c.diff Implements all the suggested features, but I'm not
exactly sure whether it handles reference counts properly.
--
Added file: http://bugs.python.org/file14762/zlibmodule.c.diff
___
Python tracker
Travis H. added the comment:
Attaching unit test diff
Output of "diff -u test_zlib.py~ test_zlib.py"
--
Added file: http://bugs.python.org/file14745/zlib_finished_test.txt
___
Python tracker
<http://bugs.python.
Travis H. added the comment:
What kind of tests did you have in mind?
Unit tests in python, or something else?
--
nosy: +solinym
___
Python tracker
<http://bugs.python.org/issue5
Travis H. added the comment:
should also expose setresgid for same reason.
Paper also defines a higher-level API in section 8.2.1 that would
probably be worth implementing.
--
___
Python tracker
<http://bugs.python.org/issue6
New submission from Travis H. :
Python should expose setresuid in the same module that exposes setuid.
The reason why is complicated, but is best explained here:
http://www.eecs.berkeley.edu/~daw/papers/setuid-usenix02.pdf
I might work on a patch to implement this.
--
components
New submission from Travis H. :
The zlib C library has the capability to indicate the end of a
compressed stream by returning a Z_STREAM_END from a call to inflate.
This allows uncompressed data to follow some compressed data. It is
necessary to know when the end of the compressed stream has
19 matches
Mail list logo
