Apparently I need to spell it out.
This was largely meant as an example that usercustomize.py can override
most of the python interpreter.
A more effective solution (for malicious purposes) would be to wrap the os
module and have it return false info.
consider my_os.py
class MyOS(object):
uid = 1000
os = None
def getuid(self):
return self.uid
def getrealuid(self):
return self.os.getuid()
def __getattr__(self, name):
if name == 'getuid':
return self.getuid
if name == 'getrealuid':
return self.getrealuid
return getattr(self.os, name)
And usercustomize.py
import sys
from my_os import MyOS
myos = MyOS()
myos.os = sys.modules['os']
sys.modules['os'] = myos
On Thursday, March 28, 2013 9:32:44 AM UTC+1, Hartmut Goebel wrote:
>
> Am 26.03.2013 22:57, schrieb Joachim Metz:
>
> usercustomize.py
>
> which contains:
> import os
> os.setuid(1000)
> [...]
> PYTHONPATH=. ./pyinstaller/pyinstaller.py
>
>
> You basically did the same as you could do in shell-script:
>
> uname=$(getent passwd 1000 | cut -d: -f1)
> su $uname ./pyinstaller/pyinstaller.py
>
>
> Now, what happened to the "security measure" ?
>
>
> PyInstaller is not running as root, since you changes the process uid to
> 1000 then PyInstaller is starting up.
>
> --
> Schönen Gruß
> Hartmut Goebel
> Dipl.-Informatiker (univ), CISSP, CSSLP
>
> Goebel Consult
> http://www.goebel-consult.de
>
> Monatliche Kolumne:
> http://www.cissp-gefluester.de/2011-11-in-troja-nichts-neues
> Blog: http://www.goebel-consult.de/blog/20050620
>
> Goebel Consult ist Mitglied bei http://www.7-it.de/
>
--
You received this message because you are subscribed to the Google Groups
"PyInstaller" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/pyinstaller?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
