| References | <-7222838418607307603@unknownmsgid> <348363986.56298340.1379075475818.JavaMail.root@sequans.com> |
|---|---|
| Date | 2013-09-13 22:55 +1000 |
| Subject | Re: Telnet to remote system and format output via web page |
| From | Chris Angelico <rosuav@gmail.com> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.354.1379076955.5461.python-list@python.org> |

On Fri, Sep 13, 2013 at 10:31 PM, Jean-Michel Pichavant <jeanmichel@sequans.com> wrote:
> ----- Original Message -----
>> I would use something like fabric to automatically login to hosts via
>> ssh then parse the data myself to generate static HTML pages in a
>> document root.
>>
>> Having a web app execute remote commands on a server is so wrong in
>> many ways.
>
> Such as ?

It depends exactly _how_ it's able to execute remote commands. If it can telnet in as a fairly-privileged user and transmit arbitrary strings to be executed, then any compromise of the web server becomes a complete takedown of the back-end server. You're basically circumventing the protection that most web servers employ, that of running in a highly permissions-restricted user.

On the other hand, if the "execute remote commands" part is done by connecting to a shell that executes its own choice of command safely, then you're not forfeiting anything. Suppose you make this the login shell for the user foo@some-computer:

    #!/bin/sh
    head -4 /proc/meminfo

You can then telnet to that user to find out how much RAM that computer has free. It's telnet, it's executing a command on the remote server... but it's safe. (For something like this, I'd be inclined to run a specific "memory usage daemon" that takes connections on some higher port, rather than having it look like a shell, but this is a viable demo.)

I've done things like this before, though using SSH rather than TELNET.

ChrisA
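
An added sketch, not part of the post above: it generalizes the fixed-command login shell to a small menu of fixed commands, treating whatever the client sends as data to be matched and never as something to execute. The request names `mem` and `load`, the `MEMINFO` override and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: a login shell that offers a small menu of fixed commands.
# Request names (mem, load), MEMINFO and the function names are assumptions.

# Path read by the "mem" request; overridable only so the logic can be tested.
MEMINFO="${MEMINFO:-/proc/meminfo}"

# sshd starts a login shell as `shell -c "<client string>"` when the client
# names a command; a telnet or console login starts it with no arguments.
# Either way the client string is treated as data, never executed.
request_from_args() {
    if [ "$1" = "-c" ]; then
        printf '%s' "$2"
    fi
}

# Compare the request against literal names and run the matching fixed
# command. Anything else is refused with status 2. No eval, no "sh -c".
dispatch() {
    case "$1" in
        ""|mem) head -4 "$MEMINFO" ;;
        load)   cat /proc/loadavg ;;
        *)      echo "request refused" >&2; return 2 ;;
    esac
}

dispatch "$(request_from_args "$@")"
```

With no request it behaves like the two-line script in the post; the account running it should still be unprivileged, since the commands run with that account's rights.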