


Re: Telnet to remote system and format output via web page

Started by: Chris Angelico <rosuav@gmail.com>
First post: 2013-09-13 22:55 +1000
Last post: 2013-09-13 22:55 +1000
Articles: 1 (1 participant)


This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by below is the oldest one visible, not the original post.



#54113 — Re: Telnet to remote system and format output via web page

From: Chris Angelico <rosuav@gmail.com>
Date: 2013-09-13 22:55 +1000
Subject: Re: Telnet to remote system and format output via web page
Message-ID: <mailman.354.1379076955.5461.python-list@python.org>

On Fri, Sep 13, 2013 at 10:31 PM, Jean-Michel Pichavant
<jeanmichel@sequans.com> wrote:
> ----- Original Message -----
>> I would use something like fabric to automatically login to hosts via
>> ssh then parse the data myself to generate static HTML pages in a
>> document root.
>>
>> Having a web app execute remote commands on a server is so wrong in
>> many ways.
>
> Such as ?

It depends exactly _how_ it's able to execute remote commands. If it
can telnet in as a fairly-privileged user and transmit arbitrary
strings to be executed, then any compromise of the web server becomes
a complete takedown of the back-end server. You're basically
circumventing the protection that most web servers employ, that of
running in a highly permissions-restricted user.

On the other hand, if the "execute remote commands" part is done by
connecting to a shell that executes its own choice of command safely,
then you're not forfeiting anything. Suppose you make this the login
shell for the user foo@some-computer:

#!/bin/sh
head -4 /proc/meminfo

You can then telnet to that user to find out how much RAM that
computer has free. It's telnet, it's executing a command on the remote
server... but it's safe. (For something like this, I'd be inclined to
run a specific "memory usage daemon" that takes connections on some
higher port, rather than having it look like a shell, but this is a
viable demo.) I've done things like this before, though using SSH
rather than TELNET.

ChrisA
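
The "memory usage daemon" alternative mentioned in the post above, sketched as an added example; it is not code from the original post or thread. The port number 8114 and the names meminfo_summary, make_server and query are assumptions made for illustration. The server always returns the first four lines of /proc/meminfo and never interprets what the client sends, so a compromised web front end that can reach it gains nothing beyond that output.

```python
import socket
import socketserver

MEMINFO_PATH = "/proc/meminfo"  # same file the post's login shell reads
LINES = 4                       # same count as `head -4`


def meminfo_summary(path=MEMINFO_PATH, lines=LINES):
    """Return the first `lines` lines of `path` as bytes."""
    with open(path, "rb") as f:
        return b"".join(line for _, line in zip(range(lines), f))


def make_server(path=MEMINFO_PATH, host="127.0.0.1", port=0):
    """TCP server that sends the summary and hangs up; port 0 picks a free port."""
    class Handler(socketserver.BaseRequestHandler):
        def handle(self):
            self.request.sendall(meminfo_summary(path))
            self.request.shutdown(socket.SHUT_WR)
            # Client bytes are drained (bounded) and thrown away, never parsed:
            # nothing a caller sends can select a file or a command.
            self.request.settimeout(2)
            try:
                for _ in range(16):
                    if not self.request.recv(4096):
                        break
            except OSError:
                pass

    class Server(socketserver.ThreadingTCPServer):
        allow_reuse_address = True
        daemon_threads = True

    return Server((host, port), Handler)


def query(host, port, junk=b""):
    """Client side: send `junk` (the server ignores it) and return the reply."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(junk)
        s.shutdown(socket.SHUT_WR)
        reply = b""
        while chunk := s.recv(4096):
            reply += chunk
        return reply


if __name__ == "__main__":
    with make_server(port=8114) as srv:  # 8114 is an arbitrary example port
        srv.serve_forever()
```

Run it under a dedicated unprivileged account; the web application then needs only a TCP connection to that port, not credentials for a shell on the back-end host.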
