Ritesh Raj Sarraf <r...@debian.org> writes:
> * Proven Security and Encryption

I quickly browsed around a bit. The killall() function in
gateone/utils.py looks kind of scary. It seems to kill all processes
that contain python and gateone.py in their name. This should match
"emacs -nw python.txt gateone.py" and might be a mild security issue
too:

            for session in sessions:
                if session in cmdline:
                    try:
                        os.kill(pid, signal.SIGTERM)
                    except OSError:
                        pass # PID is already dead--great
                elif 'python' in cmdline:
                    if 'gateone.py' in cmdline:
                        try:
                            os.kill(pid, signal.SIGTERM)
                        except OSError:
                            pass # PID is already dead--great


Perhaps gateone could use cgroups?
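
Added example, not part of the original message and not Gate One's code: it reproduces the substring test quoted above against a constructed copy of the editor command line and contrasts it with a match on parsed argv plus process ownership. The function names, the sample paths, and the assumption that `cmdline` is the process command line as one string are hypothetical.

```python
import os

# Constructed samples in /proc/<pid>/cmdline format (NUL-separated argv).
EDITOR = b"emacs\0-nw\0python.txt\0gateone.py\0"
SERVER = b"/usr/bin/python\0/opt/gateone/gateone.py\0--port=443\0"

def parse_cmdline(raw):
    """Split the raw bytes of /proc/<pid>/cmdline into an argv list."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]

def substring_match(raw):
    """The quoted check: substring tests over the whole command line."""
    cmdline = " ".join(parse_cmdline(raw))
    return "python" in cmdline and "gateone.py" in cmdline

def argv_match(raw, script="gateone.py"):
    """Stricter check: argv[0] must be a Python interpreter and the first
    non-option argument must be the script itself. Interpreter options that
    take a separate value (-W x, -c x) make this return False, which errs
    on the side of not killing anything."""
    argv = parse_cmdline(raw)
    if not argv or not os.path.basename(argv[0]).startswith("python"):
        return False
    for arg in argv[1:]:
        if not arg.startswith("-"):
            return os.path.basename(arg) == script
    return False

def find_gateone_pids(proc="/proc"):
    """Linux only: PIDs owned by the current user that pass argv_match()."""
    pids = []
    for entry in os.listdir(proc):
        if not entry.isdigit():
            continue
        path = os.path.join(proc, entry)
        try:
            if os.stat(path).st_uid != os.getuid():
                continue  # never signal another user's process
            with open(os.path.join(path, "cmdline"), "rb") as f:
                raw = f.read()
        except OSError:
            continue  # process exited or is unreadable
        if argv_match(raw):
            pids.append(int(entry))
    return pids
```

Even the stricter match is still racy (a PID can be reused between the scan and `os.kill`), which is one reason to track child PIDs directly or contain them in a cgroup.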

