[tech] [ucc] New Door/Dispense Server

Bob Adamson bob at ucc.gu.uwa.edu.au
Tue Apr 12 22:25:44 WST 2011 

On Tue, 12 Apr 2011, David Adam wrote:

> On Tue, 12 Apr 2011, Mark Tearle wrote:
> > Found a feature in the new merlo arrangement for users dispensing from the
> > snack machine. Currently it requires the users shell to exist on merlo.  As
> > I'm counter-revolutionary tcsh
> > user mine did not until moments ago.
> > 
> > This is probably worth fixing so we don't depend on users shells and also so
> > users can't do anything nasty.
> > 
> > Mark
> 
> Mr Tearle,
> 
> $ cvs annotate VendServer.py | grep su
> 
> Annotations for VendServer.py
> ***************
> 1.77         (mtearle  09-Apr-05):      # should use sudo here
> 1.77         (mtearle  09-Apr-05):                      ret = os.system('su - "%s" -c "dispense door"'%vstatus.username)
> 1.77         (mtearle  09-Apr-05):              if ((os.system('su - "%s" -c "dispense %s"'%(vstatus.username, vstatus.cur_selection[0])) >> 8) != 0):
> 
> I'm not hugely convinced that users can do anything nasty with this but I 
> agree that it should probably be replaced.
> 
> In the short term, perhaps it could just be replaced with
> 
>   ret = subprocess.call(('dispense', '-u', vstatus.username, 'door'))
> and something similar for the second call.
> 
> although that would change the logs from
>   odispense2: dispense 'Open Door' (door:0) for zanchey by zanchey
> to
>   odispense2: dispense 'Open Door' (door:0) for zanchey by root
> 
> In the long term I wonder if it is worth skipping the client binary 
> altogether and just talking over the network to the dispense server; I was 
> thinking about writing a Python library to do just that anyway as I abhor 
> C.
> 
> (This message should not be taken as an acceptance of the maintainership 
> of the snack machine server code.)
> 
> David Adam
> UCC Wheel Member
> zanchey@
> 

Couldn't we just set the shell explicitly when we su to the user, by using 
--shell=/bin/sh ?

Bob Adamson
UCC President

|"Bureaucracy is a challenge to the be conquered with a righteous        |
|attitude, an intolerance for stupidity, and a bulldozer when necessary" |
| ---Peter's Laws                                                        |

More information about the tech mailing list