object exported through manager from multiprocess module
Hi all, have troubles with exporting objects through managers from multiprocess module, see example: Worker.py: ### from multiprocessing import Process from multiprocessing.managers import BaseManager import pcapy from impacket.ImpactDecoder import EthDecoder __all__ = ['Worker'] class Worker(Process): ''' Class for sniffing packets, runnig as root ''' public = ['go', 'terminate'] def __init__(self): super(Worker, self).__init__() self.iface = '' self.expr = '' self.pcap = '' # define packet decoder self.decoder = EthDecoder() # key for queue daemon, remotely on localhost:5000 self._keyQ = '10b222970537b97919db36ec757370d2' class QueueManager(BaseManager): pass QueueManager.register('get_dataQueue') self._m = QueueManager(address=('127.0.0.1', 5000), authkey=self._keyQ) self._m.connect() self.dataQueue = self._m.get_dataQueue() def go(self, iface, expr): ''' start sniffer ''' print Starting sniffer self.iface = iface self.expr = expr super(Worker, self).start() def terminate(self): ''' terminate sniffer ''' super(Worker, self).terminate() def run(self): print sniffing ... print self.iface print self.expr self.pcap = pcapy.open_live(self.iface, 1500, 1, 0) self.pcap.setfilter(self.expr) self.pcap.loop(0, self.__packetHandler) print ... done def __packetHandler(self, hdr, data): ''' handles packets and put them in to the queue ''' print Handling packets #print data print Queue size: %i % self.dataQueue.qsize() print self.decoder.decode(data) self.dataQueue.put(data) Export object (Worker): ### from Worker import Worker class SniffManager(BaseManager): pass SniffManager.register('Worker', callable=Worker) Sm = SniffManager(address=('127.0.0.1', 5001), authkey='f1f16683f3e0208131b46d37a79c8921') Ss = Sm.get_server() Ss.serve_forever() Call object methods remotely: ### # get remote object class WorkerManager(BaseManager): pass WorkerManager.register('Worker') w = WorkerManager(address=('127.0.0.1', 5001), authkey='f1f16683f3e0208131b46d37a79c8921') w.connect() worker = w.Worker() worker.go(iface=ethx, expr=whatever) # WORKS FINE but worker.terminate() File /home/tom/web2py/applications/init/controllers/sniffer.py, line 143, in index worker.terminate() File string, line 2, in terminate File /usr/lib/python2.6/multiprocessing/managers.py, line 740, in _callmethod raise convert_to_error(kind, result) AttributeError: 'NoneType' object has no attribute 'terminate' Which is strange from my point of view, don't you think? Thanks for advices, cheers -- Tomas Pelka -- http://mail.python.org/mailman/listinfo/python-list
Re: how to run part of my python code as root
sjdevn...@yahoo.com wrote: On Feb 4, 2:05 pm, Tomas Pelka tompe...@gmail.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hey, is there possibility how to run part of my code (function for example) as superuser. Or only way how to do this is create a wrapper and run is with Popen through sudo (but I have to configure sudo to run whole python as root). thank you for excellent explanation. In decreasing order of desirability: 1. Find a way to not need root access (e.g. grant another user or group access to whatever resource you're trying to access). 2. Isolate the stuff that needs root access into a small helper program that does strict validation of all input (including arguments, environment, etc); when needed, run that process under sudo or similar. I thing this approach is the best for me. But how to connect two separated processes, one running with root privileges and second without superuser privileges? Is was thinking about Queues from multiprocessing, didn't you know if it is a good choice? 2a. Have some sort of well-verified helper daemon that has access to the resource you need and mediates use of that resource. 3. Run the process as root, using seteuid() to switch between user and root privs. The entire program must be heavily verified and do strict validation of all inputs. Any attacker who gets control over the process can easily switch to root privs and do damage. This is generally a bad idea. -- Tom Key fingerprint = 06C0 23C6 9EB7 0761 9807 65F4 7F6F 7EAB 496B 28AA -- http://mail.python.org/mailman/listinfo/python-list
how to run part of my python code as root
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hey, is there possibility how to run part of my code (function for example) as superuser. Or only way how to do this is create a wrapper and run is with Popen through sudo (but I have to configure sudo to run whole python as root). Thanks for advice. - -- Tom Key fingerprint = 06C0 23C6 9EB7 0761 9807 65F4 7F6F 7EAB 496B 28AA -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAktrGoYACgkQf29+q0lrKKqaNACdEvfg+g0n3DzFr/7R33y2Nesy hK8An3ZlpUEEibf0Q1wVET/KpXnsv/PO =JKro -END PGP SIGNATURE- -- http://mail.python.org/mailman/listinfo/python-list
subprocess troubles
Hey all, have a problem with following piece of code: -- import subprocess paattern = python cmd = /usr/bin/locate arg1 = -i arg2 = -d /var/www/books/mlocate.db arg3 = str( + pattern) p1 = subprocess.Popen([cmd, arg1, arg2, arg3], shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE) (stdoutdata, stderrdata) = p1.communicate() print p1.returncode print %s -- %s % (stdoutdata, stderrdata) -- But return code is always 1 and command do not return any result/error (stdoutdata, stderrdata are None). If I run this command (/usr/bin/locate -i -d /var/www/books/mlocate.db python) from standard shell everything goes fine. Could you please give me an advice what I'm doing wrong? Thanks Cheers -- Tom -- http://mail.python.org/mailman/listinfo/python-list
Re: subprocess troubles
On 01/21/2010 11:39 AM, Javier Collado wrote: Hello, If you set shell=False, then I think that arg2 should be separated into two different parts. Also, arg3 could be set just to pattern (no need to add extra spaces or using str function). Best regards, Javier 2010/1/21 Tomas Pelkatompe...@gmail.com: Hey all, have a problem with following piece of code: -- import subprocess paattern = python cmd = /usr/bin/locate arg1 = -i arg2 = -d /var/www/books/mlocate.db arg3 = str( + pattern) p1 = subprocess.Popen([cmd, arg1, arg2, arg3], shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE) (stdoutdata, stderrdata) = p1.communicate() print p1.returncode print %s -- %s % (stdoutdata, stderrdata) -- But return code is always 1 and command do not return any result/error (stdoutdata, stderrdata are None). If I run this command (/usr/bin/locate -i -d /var/www/books/mlocate.db python) from standard shell everything goes fine. Could you please give me an advice what I'm doing wrong? Thanks Cheers -- Tom -- http://mail.python.org/mailman/listinfo/python-list Thanks Javier for advice, but sill same result. I'm running this code as cgi script from apache. Weird is that when i run it from shell as apache user, like # su -s /bin/bash -c /usr/bin/locate -i -d /var/www/books/mlocate.db python; echo $? apache 0 --- I always get 0, but as cgi it returns 1. When I run this script by other user (tom), I'll obtain nonzero output what is OK. Additional info: # su -s /bin/bash -c ls -l /var/www/books/mlocate.db apache -rw-rw-r-- 1 tom books 1465653 Jan 20 13:33 /var/www/books/mlocate.db so db is readable by apache Whore source attached. -- Tom #!/usr/bin/python import cgi import cgitb; cgitb.enable() # for troubleshooting import subprocess import sys import os sys.stderr = sys.stdout command = result = stdoutdata = stderrdata = # Create instance of FieldStorage form = cgi.FieldStorage() # Get data from field 'pattern' pattern = form.getvalue('pattern', 'None') # Get data from field 're' re = form.getvalue('re') cmd = /usr/bin/locate arg1 = -i arg2a = -d arg2b = /var/www/books/mlocate.db arg3 = -r arg4 = str(pattern) p1 = None if re == re: p1 = subprocess.Popen([cmd, arg1, arg2a, arg2b, arg3, arg4], shell=False, \ stdout=subprocess.PIPE, stderr=subprocess.PIPE) command = %s %s %s %s %s %s % (cmd, arg1, arg2a, arg2b, arg3, arg4) else: p1 = subprocess.Popen([cmd, arg1, arg2a, arg2b, arg4], shell=False, \ stdout=subprocess.PIPE, stderr=subprocess.PIPE) command = %s %s %s %s %s % (cmd, arg1, arg2a, arg2b, arg4) (stdoutdata, stderrdata) = p1.communicate() print Content-type: text/html print # debug print UID: %i br % os.getuid() print Search pattern: %s br % pattern print stdout: %s br stderr: %s br % (stdoutdata, stderrdata) print Return code: %i % p1.returncode print html headtitleHledej v books/title/head p align=center form name=input action=search.py method=get Hledany vyraz: input type=text name=pattern / input type=submit value=Hledej / br / Hledat pomoci regularniho vyrazu? input type=checkbox name=re value=re / br / /form /p hr br / if p1.returncode == 0: if stdoutdata: result = stdoutdata else: result = Nic takoveho sem nenasel :/ else: result = 'font color=redbChyba/b/font: \ index souboru je bud zastaraly nebo doslo \ k chybe pri vyhledavani.br \smallcode%s/code \ br \code%s/code/small' % (command, stderrdata) print h1Hledany vyraz %s se nachazi v nasledujicich adresarich/h1 %s /html % (pattern, result) -- http://mail.python.org/mailman/listinfo/python-list