Doing
sage: import os
sage: os.system('whoami')
sage10
sage: os.system("kill -9 `ps -u sage10 -o pid=`")
still seemed to throw me out.
Connection to localhost closed by remote host.
Connection to localhost closed.
Is that expected? Logging out and in again did not seem to restore
my connection.
Michel
On Jun 27, 9:39 am, "William Stein" <[EMAIL PROTECTED]> wrote:
> Hi,
>
> SUMMARY: I've made the public SAGE notebook servers
> nontrivial to seriously vandalize or kill... I hope. Try to
> crack them (especiallyhttps://sage.math.washington.edu:8102).
>
> DETAILS:
>
> For the first time in history I've finally setup a first
> not totally-insanely-trivial-to-vandalize server in
> the chroot jail on sage.math. In fact all three
> servers:
>
> https://sage.math.washington.edu:8100
> https://sage.math.washington.edu:8101
> https://sage.math.washington.edu:8102 <--- please hack me.
>
> are so configured.
>
> What happens is that each user worksheet runs as a separate
> user from the notebook server itself. In fact, there is a rotating
> pool of 30 worksheet users. It should now be *extremely* difficult
> for a user of the notebook to kill the notebook process itself,
> or delete vital user data.
>
> So, for the first time ever, I invite you to please try to see if you
> can kill the
> notebook server. Let's restrict the attacks to the one on port 8102.
> See if you break it by running malicious commands in a worksheet.
>
> NOTE: It is, of course, trivial to denial-of-service sage.math by just
> running lots
> and lots of processes at once. Please don't do that.
>
> William
--~--~---------~--~----~------------~-------~--~----~
To post to this group, send email to sage-devel@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/sage-devel
URLs: http://sage.scipy.org/sage/ and http://modular.math.washington.edu/sage/
-~----------~----~----~----~------~----~------~--~---
