|
cascabelwrapper − setuid wrapper for Cascabel interface scripts |
|
cascabelwrapper scriptname arguments ... |
|
The cascabelwrapper program is a setuid wrapper for the Cascabel Python scripts, allowing the scripts to access the database connection information which are protected by normal Unix file access controls. The cascabelwrapper program works by looking at its argv[0] to identify the script that should be called. It then changes directory to /tmp, unsets the PYTHONPATH environment variable, and executes Python with the script name as Python’s first argument and any remaining arguments following it. The script is expected to be in the CASCABELBINDIR directory, specified when Cascabel is installed. |
|
The cascabelwrapper program reports an error if it is executed under its own name or if it cannot execute Python. Any other errors are from either Python or the script. |
|
Unsetting the PYTHONPATH environment variable attempts to prevent a user from subverting the scripts by using alternate Python library modules. This may not be enough. Security problems should be limited to modifying the Cascabel database by using an otherwise unprivledged user when installing Cascabel. Please remember to keep good backups of the database. |
|
— |
Tommy M. McGuire (mcguire@cs.utexas.edu) wrote this. |
|
Please check the individual man pages for the Cascabel scripts, as well as the rest of the documentation. Also, see the Cascabel home page. http://www.cs.utexas.edu/users/mcguire/software/cascabel/ |