[tech] [ucc] New Door/Dispense Server
David Adam
zanchey at ucc.gu.uwa.edu.au
Tue Apr 12 20:03:49 WST 2011
On Tue, 12 Apr 2011, Mark Tearle wrote:
> Found a feature in the new merlo arrangement for users dispensing from the
> snack machine. Currently it requires the users shell to exist on merlo. As
> I'm counter-revolutionary tcsh
> user mine did not until moments ago.
>
> This is probably worth fixing so we don't depend on users shells and also so
> users can't do anything nasty.
>
> Mark
Mr Tearle,
$ cvs annotate VendServer.py | grep su
Annotations for VendServer.py
***************
1.77 (mtearle 09-Apr-05): # should use sudo here
1.77 (mtearle 09-Apr-05): ret = os.system('su - "%s" -c "dispense door"'%vstatus.username)
1.77 (mtearle 09-Apr-05): if ((os.system('su - "%s" -c "dispense %s"'%(vstatus.username, vstatus.cur_selection[0])) >> 8) != 0):
I'm not hugely convinced that users can do anything nasty with this but I
agree that it should probably be replaced.
In the short term, perhaps it could just be replaced with
ret = subprocess.call(('dispense', '-u', vstatus.username, 'door'))
and something similar for the second call.
although that would change the logs from
odispense2: dispense 'Open Door' (door:0) for zanchey by zanchey
to
odispense2: dispense 'Open Door' (door:0) for zanchey by root
In the long term I wonder if it is worth skipping the client binary
altogether and just talking over the network to the dispense server; I was
thinking about writing a Python library to do just that anyway as I abhor
C.
(This message should not be taken as an acceptance of the maintainership
of the snack machine server code.)
David Adam
UCC Wheel Member
zanchey@
More information about the tech
mailing list