Replace trampoline with a root daemon

Bug #492538 reported by William Grant
Affects | Status | Importance | Assigned to | Milestone
IVLE | Triaged | Medium | Unassigned |

Bug Description

trampoline is currently a fairly good security risk. Anything running as
the web server can use it to sudo to lots of users, and anything run by it
remains intimately tied to the web server. Its daemon mode can't be watched
either, as the parent (an Apache thread) dies quickly. It also requires an
awful lot of command-line arguments and breaks when configuration changes.

I suspect we would be better off replacing it with a Python daemon that
runs as root. It listens on a local filesystem socket for connections from
the web server, and can be told to perform all of the actions that we use
trampoline for now. When starting a Python console, it can observe it and
make sure it doesn't behave badly. It can also manage mounting, unmounting
and rebuilding of jails.

Tags: trampoline
William Grant (wgrant) wrote :

It can also do creation of jails if necessary, for uses like issue 85.

William Grant (wgrant) wrote :

This would also improve performance, as filesystem actions could be performed by
communicating with a long-lived Python process inside the jail.

William Grant (wgrant)
tags: added: trampoline
William Grant (wgrant)
Changed in ivle:
assignee: William Grant (wgrant) → nobody
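
The design proposed in the bug description, as an added example (not IVLE code and not part of the report): a root daemon on a filesystem socket that identifies its caller with Linux SO_PEERCRED and runs only allowlisted actions. The JSON request format, the action names, the socket path and all function names are assumptions made for illustration.

```python
import json, os, re, socket, struct

def peer_credentials(conn):
    """(pid, uid, gid) of the connecting process, as reported by the Linux kernel."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    return struct.unpack("3i", raw)

def handle_request(conn, allowed_uid, handlers):
    """Check the caller's uid, then dispatch one JSON request to an allowlisted action."""
    _pid, uid, _gid = peer_credentials(conn)
    if uid != allowed_uid:                      # only the web server's uid may ask
        return {"ok": False, "error": "peer uid not permitted"}
    try:
        req = json.loads(conn.recv(4096).decode("utf-8"))
        action, user = req["action"], req["user"]
    except (ValueError, KeyError, TypeError):
        return {"ok": False, "error": "malformed request"}
    if not isinstance(action, str) or action not in handlers:
        return {"ok": False, "error": "unknown action"}
    if not isinstance(user, str) or not re.fullmatch(r"[a-z][a-z0-9_]{0,31}", user):
        return {"ok": False, "error": "bad user name"}
    return {"ok": True, "result": handlers[action](user)}

def serve(path, allowed_uid, handlers):
    """Accept connections on a filesystem socket that only allowed_uid can open."""
    if os.path.exists(path):
        os.unlink(path)
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)                 # create the socket file as 0600
    try:
        srv.bind(path)
    finally:
        os.umask(old_umask)
    os.chown(path, allowed_uid, -1)             # hand the socket file to the web server uid
    srv.listen(8)
    while True:
        conn, _ = srv.accept()
        with conn:
            reply = handle_request(conn, allowed_uid, handlers)
            conn.sendall(json.dumps(reply).encode("utf-8"))

if __name__ == "__main__":
    # Constructed demo: stub handlers; a real daemon would start consoles or mount jails.
    stubs = {name: (lambda user, n=name: f"{n} for {user}")
             for name in ("start_console", "mount_jail", "unmount_jail")}
    serve("/tmp/trampolined-example.sock", os.getuid(), stubs)
```

Because the kernel supplies the peer uid, the web server no longer needs sudo rights, and the daemon decides which actions and user names it will accept.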