Ritesh Raj Sarraf <[email protected]> writes:
> * Proven Security and Encryption
I quickly browsed around a bit. The killall() function in
gateone/utils.py looks kind of scary. It seems to kill all processes
that contain python and gateone.py in their name. This should match
"emacs -nw python.txt gateone.py" and might be a mild security issue
too:
for session in sessions:
if session in cmdline:
try:
os.kill(pid, signal.SIGTERM)
except OSError:
pass # PID is already dead--great
elif 'python' in cmdline:
if 'gateone.py' in cmdline:
try:
os.kill(pid, signal.SIGTERM)
except OSError:
pass # PID is already dead--great
Perhaps gateone could use cgroups?
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/[email protected]
