Bug#692529: ITP: gateone -- HTML5 web-based terminal emulator and ssh client
> I quickly browsed around a bit. The killall() function in
> gateone/utils.py looks kind of scary. It seems to kill all processes
> that contain python and gateone.py in their name. This should match
> "emacs -nw python.txt gateone.py" and might be a mild security issue
> too:
>
> for session in sessions:
> if session in cmdline:
> try:
> os.kill(pid, signal.SIGTERM)
> except OSError:
> pass # PID is already dead--great
> elif 'python' in cmdline:
> if 'gateone.py' in cmdline:
> try:
> os.kill(pid, signal.SIGTERM)
> except OSError:
> pass # PID is already dead--great
> Perhaps gateone could use cgroups?
I am the author of Gate One. You know what would be great? If you reported this issue! ;)
I just pushed a commit to the Github repo (
https://github.com/liftoff/GateOne) to make the killall function a _lot_ more explicit. However, like you said it probably wouldn't have been much of an issue in the real world (no reports of, "gateone.py killed my emacs session!" yet =).
I'll see if I can make a 1.2 or 1.1.1 release soon with the fix included.
--
Dan McDougall - Chief Executive Officer and Developer
Liftoff Software ✈ Your flight to the cloud is now boarding.
Reply to: