Bug#692529: ITP: gateone -- HTML5 web-based terminal emulator and ssh client

[Daniel McDougall <daniel.mcdougall@liftoffsoftware.com>]

> I quickly browsed around a bit. The killall() function in
> gateone/utils.py looks kind of scary. It seems to kill all processes
> that contain python and gateone.py in their name. This should match
> "emacs -nw python.txt gateone.py" and might be a mild security issue
> too:
>
>             for session in sessions:
>                 if session in cmdline:
>                     try:
>                         os.kill(pid, signal.SIGTERM)
>                     except OSError:
>                         pass # PID is already dead--great
>                 elif 'python' in cmdline:
>                     if 'gateone.py' in cmdline:
>                         try:
>                             os.kill(pid, signal.SIGTERM)
>                         except OSError:
>                             pass # PID is already dead--great
> Perhaps gateone could use cgroups?

I am the author of Gate One.  You know what would be great?  If you reported this issue!  ;)

I just pushed a commit to the Github repo (https://github.com/liftoff/GateOne) to make the killall function a _lot_ more explicit.  However, like you said it probably wouldn't have been much of an issue in the real world (no reports of, "gateone.py killed my emacs session!" yet =).

I'll see if I can make a 1.2 or 1.1.1 release soon with the fix included.

Please let me know if you encounter anything else like this.  Also, it doesn't hurt to open an issue in the tracker (next time =):  https://github.com/liftoff/GateOne/issues

-- 
Dan McDougall - Chief Executive Officer and Developer
Liftoff Software ✈ Your flight to the cloud is now boarding.