Hi all,
I would like to ask your insight a way to handle securely files that need to
arrive in root privileged directory from a user application written in
python.
In my specific case, the user application will create a file and copy it to
/etc/events.d which will be executed on the next boot.
At the moment, I'm making use of the rootsh package feature and the (very
ugly but functional) call to copy the user created/modified file back like
this:
os.system('echo "cp %s %s"|root' % (Path + ConfigFile, MainPath + MainFile))
My questions basically are:
1. Is there a way that I could avoid the use of the rootsh? (Maybe setuid or
something?)
2. Could I add the rootsh package in the dependencies of my package?
3. Is it a security hole if I give 'rw' privileges to the user for this file
in /etc/events.d?
Thanks for any thoughts,
Chris
_______________________________________________
maemo-developers mailing list
maemo-developers@maemo.org
https://lists.maemo.org/mailman/listinfo/maemo-developers
