Someone or something just broke SAGE Notebook 8102. I'm getting
"Internal Server Error" on all worksheets in multiple accounts expect
for the public ones. I've been up all trying to end the game for all
the other sage unix users.
On 6/27/07, Timothy Clemans <[EMAIL PROTECTED]> wrote:
> The turning off net access all together for notebook is users is not a
> good idea, because there is database stuff in SAGE that uses web sites
> such as Sloane's database. There is a lot of detection software out
> there, so I don't think net access needs to be stopped altogether.
>
> On 6/27/07, Michel <[EMAIL PROTECTED]> wrote:
> >
> > So far everything looks good. For serious testing one would need the
> > source
> > of the notebook.
> >
> > Here are some points.
> >
> > (1) Practically the whole (chroot)filesystem seems to be readable for
> > the notebook users.
> >
> > (a) I could even read a backup file of /etc/shadow (/etc/shadow-).
> > (b) I could look at other people's worksheets.
> >
> > The default file creation permissions should be changed I think.
> >
> > (2) It seems the notebook users cannot naively write to the file
> > system.
> > But they can write to /tmp. What policy do you want to implement here?
> >
> > (3) The notebook users seem to have internet access so they could
> > execute
> > denial of service attacks against other computers. Shouldn't internet
> > access
> > for notebook users be turned off by default?
> >
> > Michel
> >
> >
> > On Jun 27, 10:25 am, Michel <[EMAIL PROTECTED]> wrote:
> > > So the notebook processes are executing the actual sage commands?
> > > What is then the "notebook server"?. Is it just the webserver?
> > >
> > > This seems indeed quite secure provided the server never executes code
> > > somehow
> > > under control of the user.
> > >
> > > Note: I still think notebook processes should be restarted
> > > automatically (or on demand).
> > > Having to push "restart" when you log in is confusing.
> > >
> > > Michel
> > >
> > > On Jun 27, 9:56 am, "William Stein" <[EMAIL PROTECTED]> wrote:
> > >
> > > > On 6/27/07, Michel <[EMAIL PROTECTED]> wrote:
> > >
> > > > > Doing
> > >
> > > > > sage: import os
> > > > > sage: os.system('whoami')
> > > > > sage10
> > > > > sage: os.system("kill -9 `ps -u sage10 -o pid=`")
> > >
> > > > > still seemed to throw me out.
> > >
> > > > > Connection to localhost closed by remote host.
> > > > > Connection to localhost closed.
> > >
> > > > > Is that expected? Logging out and in again did not seem to restore
> > > > > my connection.
> > >
> > > > Hi, the three sage notebooks are still working fine for me.
> > > > All what you did above does is kill the SAGE worksheet process
> > > > for your individual worksheet -- I.e., you shot your own user in
> > > > the foot. It shouldn't (and doesn't) affect the overall
> > > > SAGE notebook server in any nontrivial way, as far as I can tell.
> > >
> > > > William
> >
> >
> > > >
> >
>
--~--~---------~--~----~------------~-------~--~----~
To post to this group, send email to sage-devel@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/sage-devel
URLs: http://sage.scipy.org/sage/ and http://modular.math.washington.edu/sage/
-~----------~----~----~----~------~----~------~--~---
