[Twisted-Python] Re: Switch to a different uid/gid after binding reserved ports (G

W.J. miathan at goliath.darktech.org
Mon Jun 9 08:33:00 EDT 2003


> I have now had a chance to test this on HP-UX11i and have discovered a
> problem.
> 
> The code for Application.setUID() calls os.getgid() expecting it to
> return 0

Why on earth would you want to check or enforce someone is in group 0? 
Being in group 0 doesn't have any 'magic' like uid 0 has, well, it 
might have on some operating systems, but it's not a portable way.

Some unices don't even have a special *user* ID 0 but have security 
based on process privileges. You shouldn't assume setuid or setgid to 
fail/succeed based on those numbers.

IMO the best way is to just try to setuid/setgid if requested, if it is 
not allowed you'll get an EPERM soon enough anyway.

Wladimir




More information about the Twisted-Python mailing list