r00t2/optools
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity

adding autopkg

Browse Source
This commit is contained in:
brent s
2018-11-12 15:45:16 -05:00
parent 69d13d5c97
commit 1fc59208b6
5 changed files with 609 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
ref/python.tips_tricks_and_dirty_hacks
View File

@@ -132,3 +132,41 @@ ip.release()
----
###############################################################################
dropping privileges to non-root user (and restoring):
https://stackoverflow.com/questions/2699907/dropping-root-permissions-in-python
https://stackoverflow.com/questions/15705439/drop-root-privileges-for-certain-operations-in-python
NOTE: if you want to *remove the ability* to restore back to root privs, use os.setgid(running_gid) and os.setuid(running_uid) instead.
reference:
http://timetobleed.com/5-things-you-dont-know-about-user-ids-that-will-destroy-you/
https://nanopdf.com/download/setuid-demystified_pdf
----
import os, pwd, grp
import subprocess
my_uid = pwd.getpwuid(os.geteuid()).pw_uid
my_gid = grp.getgrgid(os.getegid()).gr_gid
my_grps = os.getgroups()
try:
os.remove('/tmp/usertest')
os.remove('/tmp/parenttest')
except:
pass
if os.getuid() != 0:
exit('need root')
running_uid = pwd.getpwnam(uid_name).pw_uid
running_gid = grp.getgrnam(gid_name).gr_gid
os.setgroups([])
os.setegid(running_gid)
os.seteuid(running_uid)
old_umask = os.umask(0o022)
subprocess.run(['touch', '/tmp/usertest'])
os.seteuid(my_uid)
os.setegid(my_gid)
os.setgroups(my_grps)
os.umask(old_umask)
subprocess.run(['touch', '/tmp/parenttest'])