Bug#692529: ITP: gateone -- HTML5 web-based terminal emulator and ssh client
Ritesh Raj Sarraf <rrs@debian.org> writes:
> * Proven Security and Encryption
I quickly browsed around a bit. The killall() function in
gateone/utils.py looks kind of scary. It seems to kill all processes
that contain python and gateone.py in their name. This should match
"emacs -nw python.txt gateone.py" and might be a mild security issue
too:
    for session in sessions:
        if session in cmdline:
            try:
                os.kill(pid, signal.SIGTERM)
            except OSError:
                pass # PID is already dead--great
        elif 'python' in cmdline:
            if 'gateone.py' in cmdline:
                try:
                    os.kill(pid, signal.SIGTERM)
                except OSError:
                    pass # PID is already dead--great
Perhaps gateone could use cgroups?
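
An added example (not part of the original mail and not Gate One's own code) contrasting the substring test quoted above with a match on the parsed argv from /proc/<pid>/cmdline. The function names and the sample command lines are constructed for illustration.

```python
import os

def substring_match(cmdline: bytes) -> bool:
    """Same test as the quoted code: substrings anywhere in the command line."""
    text = cmdline.decode(errors="replace")
    return "python" in text and "gateone.py" in text

def parse_argv(cmdline: bytes) -> list:
    """Split /proc/<pid>/cmdline (NUL-separated, NUL-terminated) into argv."""
    if not cmdline:
        return []  # kernel threads and zombies expose an empty cmdline
    parts = cmdline.split(b"\0")
    if parts[-1] == b"":
        parts.pop()  # drop the empty field after the trailing NUL
    return [p.decode(errors="replace") for p in parts]

def argv_match(cmdline: bytes, script: str = "gateone.py") -> bool:
    """True only if argv[0] is a Python interpreter and the first
    non-option argument is the script itself."""
    argv = parse_argv(cmdline)
    if len(argv) < 2:
        return False
    if not os.path.basename(argv[0]).startswith("python"):
        return False
    for arg in argv[1:]:
        if arg.startswith("-"):
            continue  # skips flags like -u; options that take a value
                      # (e.g. -W ignore) make this return False, the safe side
        return os.path.basename(arg) == script
    return False

# Constructed sample command lines in /proc/<pid>/cmdline format.
EDITOR = b"emacs\0-nw\0python.txt\0gateone.py\0"
SERVER = b"/usr/bin/python\0/opt/gateone/gateone.py\0"  # hypothetical path

if __name__ == "__main__":
    for name, raw in (("editor", EDITOR), ("server", SERVER)):
        print(name, "substring:", substring_match(raw), "argv:", argv_match(raw))
```

A name match alone still says nothing about who owns the process; comparing the owner of /proc/<pid> with the server's uid, or tracking children by PID file or cgroup as suggested above, narrows it further.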