Yuvipanda has uploaded a new change for review.
https://gerrit.wikimedia.org/r/76837
Change subject: Try to erase file whenever app exits. Also never exit cleanly
......................................................................
Try to erase file whenever app exits. Also never exit cleanly
This is to prevent attacks where the registrar is dead, but the
address file still remains. An attacker can start a new process
at the port/host specified on the address file and intercept
requests from clients.
This is a rather minor attack, and they can't really obtain
anything at that time (unless someone tries to do anything
that involves passing them the secret key). Also since we never
exit cleanly, the grid engine will restart the registrar fast
enough anyway, and overwrite the addressfile. So the window
for a successful attack is small, and the booty is also very
tiny. Worst they can do with even the secret key is to send
some prank messages by inserting things, or cleaning it out.
Easily recognizable and fixable by just changing the secret.
In short, I'm probably thinking too much about this. This is
probably secure enough. <- Famous Last Words
Change-Id: I01a735f6e386bb8120473e91315d1920477b54d1
---
M src/registrar.py
1 file changed, 29 insertions(+), 19 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/labs/tools/gerrit-to-redis
refs/changes/37/76837/1
diff --git a/src/registrar.py b/src/registrar.py
index 4c833d8..f0e01c0 100644
--- a/src/registrar.py
+++ b/src/registrar.py
@@ -10,6 +10,7 @@
BASE_PATH = os.path.join(os.path.dirname(__file__), '..')
+ADDRESS_PATH = os.path.join(BASE_PATH, 'registrar')
CONFIG_FILE = os.path.join(BASE_PATH, 'config.yaml')
with open(CONFIG_FILE) as f:
config = yaml.load(f)
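Review bot: ADDRESS_PATH is introduced without a comment saying what the file is. Clients take the registrar's tcp:// endpoint from it, and the commit message treats a stale copy as an attack surface, so a one-line comment here stating that, and who is expected to have write access under BASE_PATH, would make the trust assumption explicit. Separately, the context line `config = yaml.load(f)` uses PyYAML's full loader; if config.yaml only holds plain data, `yaml.safe_load(f)` avoids constructing arbitrary objects from it.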
@@ -43,29 +44,38 @@
# Good enough security, eh?
def write_address_file(port):
address = "tcp://%s:%s" % (platform.node(), port)
- address_path = os.path.join(BASE_PATH, 'registrar')
- address_file = open(address_path, 'w')
+ address_file = open(ADDRESS_PATH, 'w')
address_file.write(address)
address_file.close()
+# Never exit cleanly! We are to keep running forever, and exiting like
+# this makes sure that the Grid Engine will restart us soon anyway
+def cleanup_address_file():
+ if os.path.exists(ADDRESS_PATH):
+ os.remove(ADDRESS_PATH)
+ sys.exit(-1)
+
if __name__ == '__main__':
- context = zmq.Context()
- socket = context.socket(zmq.REP)
- port = socket.bind_to_random_port("tcp://*")
+ try:
+ context = zmq.Context()
+ socket = context.socket(zmq.REP)
+ port = socket.bind_to_random_port("tcp://*")
- write_address_file(port)
+ write_address_file(port)
- while True:
- try:
- msg = json.loads(socket.recv())
- except ValueError:
- print "Invalid JSON!"
- continue
- if msg['action'] == 'add':
- ret = add_subscription(msg)
- elif msg['action'] == 'delete':
- ret = add_subscription(msg)
- else:
- ret = "Unrecognized action: %s " % msg.action
- socket.send(ret)
+ while True:
+ try:
+ msg = json.loads(socket.recv())
+ except ValueError:
+ print "Invalid JSON!"
+ continue
+ if msg['action'] == 'add':
+ ret = add_subscription(msg)
+ elif msg['action'] == 'delete':
+ ret = add_subscription(msg)
+ else:
+ ret = "Unrecognized action: %s " % msg.action
+ socket.send(ret)
+ finally:
+ cleanup_address_file()
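Review bot: The `finally:` closing the `__main__` block only runs when the interpreter unwinds, so it misses the case the commit message is about: a registrar that is killed. With Python's default signal handling, SIGTERM ends the process without running `finally`, and SIGKILL cannot be caught at all, so the address file stays behind in both cases. Consider installing a SIGTERM handler that calls `sys.exit` so the cleanup path runs, and have clients treat the file as a hint rather than proof that the registrar is alive, since SIGKILL and host crashes cannot be cleaned up from inside the process. In `cleanup_address_file`, `sys.exit(-1)` raised from within `finally` replaces whatever exception was in flight, so under Python 2 (the `print` statements) the traceback of the real crash is lost; log the exception in an `except` clause before cleaning up. The re-indented loop also still calls `add_subscription(msg)` for 'delete' and uses `msg.action` where `msg['action']` is used two lines earlier, which raises AttributeError on a dict, so any request with an unrecognized action now takes the registrar down through the new cleanup path. Last, no `import sys` is added in this patch; confirm it is already imported at the top of registrar.py.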
--
To view, visit https://gerrit.wikimedia.org/r/76837
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I01a735f6e386bb8120473e91315d1920477b54d1
Gerrit-PatchSet: 1
Gerrit-Project: labs/tools/gerrit-to-redis
Gerrit-Branch: master
Gerrit-Owner: Yuvipanda <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits