Debian Bug report logs - #692529
ITP: gateone -- HTML5 web-based terminal emulator and ssh client

Package: wnpp; Maintainer for wnpp is wnpp@debian.org;

Reported by: Ritesh Raj Sarraf <rrs@debian.org>

Date: Wed, 7 Nov 2012 08:00:02 UTC

Owned by: Mike Gabriel <sunweaver@debian.org>

Severity: wishlist

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, rrs@debian.org, debian-devel@lists.debian.org, wnpp@debian.org:
Bug#692529; Package wnpp. (Wed, 07 Nov 2012 08:00:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Ritesh Raj Sarraf <rrs@debian.org>:
New Bug report received and forwarded. Copy sent to rrs@debian.org, debian-devel@lists.debian.org, wnpp@debian.org. (Wed, 07 Nov 2012 08:00:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Ritesh Raj Sarraf <rrs@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ITP: gateone -- HTML5 web-based terminal emulator and ssh client
Date: Wed, 07 Nov 2012 13:27:49 +0530
Package: wnpp
Severity: wishlist
Owner: Ritesh Raj Sarraf <rrs@debian.org>

* Package name    : gateone
  Version         : 1.1-1
  Upstream Author : Dan McDougall <daniel.mcdougall@liftoffsoftware.com>
* URL             : http://liftoffsoftware.com/Products/GateOne
* License         : AGPLv3
  Programming Lang: Python
  Description     : HTML5 web-based terminal emulator and ssh client

Gate One is a web-based Terminal Emulator and SSH client that brings
the power of the command line to the web. It requires no browser plugins
and is built on top of a powerful plugin system that allows every aspect
of its appearance and functionality to be customized.

Key Features

* Clientless
* Multi-User and Multi-Session
* Multi-Auth and Single Sign-On Ready
* Extendable Terminal Emulation
* Embeddable and Unrestricted
* Resume Sessions From Anywhere
* Copy & Paste Just Works
* Get Rid of Browser Plugins
* Terminal Rewind
* Automatation and Scripting
* Proven Security and Encryption
* Logging and Playback of User Sessions
* Open Source & Rock Solid
* Terminals of Any Size
* Run Any Terminal Application
* Display Images, PDFs, and More
* Fast, Portable and Efficient
* Make Down Time History
* IPv6 Support



Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Ritesh Raj Sarraf <rrs@debian.org>:
Bug#692529; Package wnpp. (Wed, 07 Nov 2012 13:42:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Timo Juhani Lindfors <timo.lindfors@iki.fi>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Ritesh Raj Sarraf <rrs@debian.org>. (Wed, 07 Nov 2012 13:42:03 GMT) Full text and rfc822 format available.

Message #10 received at 692529@bugs.debian.org (full text, mbox):

From: Timo Juhani Lindfors <timo.lindfors@iki.fi>
To: Ritesh Raj Sarraf <rrs@debian.org>
Cc: 692529@bugs.debian.org
Subject: Re: Bug#692529: ITP: gateone -- HTML5 web-based terminal emulator and ssh client
Date: Wed, 07 Nov 2012 15:39:06 +0200
Ritesh Raj Sarraf <rrs@debian.org> writes:
> * Proven Security and Encryption

I quickly browsed around a bit. The killall() function in
gateone/utils.py looks kind of scary. It seems to kill all processes
that contain python and gateone.py in their name. This should match
"emacs -nw python.txt gateone.py" and might be a mild security issue
too:

            for session in sessions:
                if session in cmdline:
                    try:
                        os.kill(pid, signal.SIGTERM)
                    except OSError:
                        pass # PID is already dead--great
                elif 'python' in cmdline:
                    if 'gateone.py' in cmdline:
                        try:
                            os.kill(pid, signal.SIGTERM)
                        except OSError:
                            pass # PID is already dead--great


Perhaps gateone could use cgroups?




Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Ritesh Raj Sarraf <rrs@debian.org>:
Bug#692529; Package wnpp. (Wed, 07 Nov 2012 16:54:11 GMT) Full text and rfc822 format available.

Acknowledgement sent to rrs@debian.org:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Ritesh Raj Sarraf <rrs@debian.org>. (Wed, 07 Nov 2012 16:54:12 GMT) Full text and rfc822 format available.

Message #15 received at 692529@bugs.debian.org (full text, mbox):

From: Ritesh Raj Sarraf <rrs@debian.org>
To: Timo Juhani Lindfors <timo.lindfors@iki.fi>
Cc: 692529@bugs.debian.org
Subject: Re: Bug#692529: ITP: gateone -- HTML5 web-based terminal emulator and ssh client
Date: Wed, 07 Nov 2012 22:23:11 +0530
[Message part 1 (text/plain, inline)]
On Wednesday 07 November 2012 07:09 PM, Timo Juhani Lindfors wrote:
> I quickly browsed around a bit. The killall() function in
> gateone/utils.py looks kind of scary. It seems to kill all processes
> that contain python and gateone.py in their name. This should match
> "emacs -nw python.txt gateone.py" and might be a mild security issue
> too:
> 
>             for session in sessions:
>                 if session in cmdline:
>                     try:
>                         os.kill(pid, signal.SIGTERM)
>                     except OSError:
>                         pass # PID is already dead--great
>                 elif 'python' in cmdline:
>                     if 'gateone.py' in cmdline:
>                         try:
>                             os.kill(pid, signal.SIGTERM)
>                         except OSError:
>                             pass # PID is already dead--great
> 
> 
> Perhaps gateone could use cgroups?


Thanks for spending time on it. I too came across it very recently.  I
liked the overall use case.
But this definitely will go through some use, before it gets packaged.

-- 
Ritesh Raj Sarraf | http://people.debian.org/~rrs
Debian - The Universal Operating System

[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Ritesh Raj Sarraf <rrs@debian.org>:
Bug#692529; Package wnpp. (Fri, 07 Dec 2012 02:54:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Daniel McDougall <daniel.mcdougall@liftoffsoftware.com>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Ritesh Raj Sarraf <rrs@debian.org>. (Fri, 07 Dec 2012 02:54:03 GMT) Full text and rfc822 format available.

Message #20 received at 692529@bugs.debian.org (full text, mbox):

From: Daniel McDougall <daniel.mcdougall@liftoffsoftware.com>
To: 692529@bugs.debian.org
Subject: Re: Bug#692529: ITP: gateone -- HTML5 web-based terminal emulator and ssh client
Date: Thu, 6 Dec 2012 21:50:07 -0500
[Message part 1 (text/plain, inline)]
> I quickly browsed around a bit. The killall() function in
> gateone/utils.py looks kind of scary. It seems to kill all processes
> that contain python and gateone.py in their name. This should match
> "emacs -nw python.txt gateone.py" and might be a mild security issue
> too:

>

> for session in sessions: > if session in cmdline: > try: > os.kill(pid,
signal.SIGTERM) > except OSError: > pass # PID is already dead--great >
elif 'python' in cmdline: > if 'gateone.py' in cmdline: > try: >
os.kill(pid, signal.SIGTERM) > except OSError: > pass # PID is already
dead--great > Perhaps gateone could use cgroups?

I am the author of Gate One.  You know what would be great?  If you
reported this issue!  ;)

I just pushed a commit to the Github repo (
https://github.com/liftoff/GateOne) to make the killall function a _lot_
more explicit.  However, like you said it probably wouldn't have been much
of an issue in the real world (no reports of, "gateone.py killed my emacs
session!" yet =).

I'll see if I can make a 1.2 or 1.1.1 release soon with the fix included.

Please let me know if you encounter anything else like this.  Also, it
doesn't hurt to open an issue in the tracker (next time =):
https://github.com/liftoff/GateOne/issues

-- 
Dan McDougall - Chief Executive Officer and Developer
Liftoff Software ✈ Your flight to the cloud is now boarding.
[Message part 2 (text/html, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Ritesh Raj Sarraf <rrs@debian.org>:
Bug#692529; Package wnpp. (Fri, 08 Nov 2013 10:51:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mike Gabriel <sunweaver@debian.org>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Ritesh Raj Sarraf <rrs@debian.org>. (Fri, 08 Nov 2013 10:51:05 GMT) Full text and rfc822 format available.

Message #25 received at 692529@bugs.debian.org (full text, mbox):

From: Mike Gabriel <sunweaver@debian.org>
To: Ritesh Raj Sarraf <rrs@debian.org>
Cc: 692529@bugs.debian.org, Daniel McDougall <daniel.mcdougall@liftoffsoftware.com>
Subject: Still work in progress (gateone ITP)?
Date: Fri, 08 Nov 2013 10:47:37 +0000
[Message part 1 (text/plain, inline)]
Hi Ritesh Raj,

I just wanted to post an ITP for gate(-)one and I just in time  
realized that there already is this ITP open.

Are you still active on packaging this? Or are you waiting for 1.2 to  
appear? (I just got personal communication from Daniel, that 1.2 will  
be released soon).

Please let me know about your plans, otherwise I will be happy to  
become owner of this ITP.

Thanks+Greets,
Mike
-- 

mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunweaver@debian.org, http://sunweavers.net

[Message part 2 (application/pgp-keys, inline)]
[Message part 3 (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Ritesh Raj Sarraf <rrs@debian.org>:
Bug#692529; Package wnpp. (Fri, 08 Nov 2013 16:21:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to rrs@debian.org:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Ritesh Raj Sarraf <rrs@debian.org>. (Fri, 08 Nov 2013 16:21:04 GMT) Full text and rfc822 format available.

Message #30 received at 692529@bugs.debian.org (full text, mbox):

From: Ritesh Raj Sarraf <rrs@debian.org>
To: Mike Gabriel <sunweaver@debian.org>
Cc: 692529@bugs.debian.org, Daniel McDougall <daniel.mcdougall@liftoffsoftware.com>
Subject: Re: Still work in progress (gateone ITP)?
Date: Fri, 08 Nov 2013 21:49:55 +0530
[Message part 1 (text/plain, inline)]
On Friday 08 November 2013 04:17 PM, Mike Gabriel wrote:
> Hi Ritesh Raj,
>
> I just wanted to post an ITP for gate(-)one and I just in time
> realized that there already is this ITP open.
>
> Are you still active on packaging this? Or are you waiting for 1.2 to
> appear? (I just got personal communication from Daniel, that 1.2 will
> be released soon).
>
> Please let me know about your plans, otherwise I will be happy to
> become owner of this ITP. 
Please take it up. I don't have any free time for additional packages
than what I already have on my list.

-- 
Ritesh Raj Sarraf | http://people.debian.org/~rrs
Debian - The Universal Operating System


[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, wnpp@debian.org, Ritesh Raj Sarraf <rrs@debian.org>:
Bug#692529; Package wnpp. (Fri, 08 Nov 2013 22:51:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Mike Gabriel <sunweaver@debian.org>:
Extra info received and forwarded to list. Copy sent to wnpp@debian.org, Ritesh Raj Sarraf <rrs@debian.org>. (Fri, 08 Nov 2013 22:51:05 GMT) Full text and rfc822 format available.

Message #35 received at 692529@bugs.debian.org (full text, mbox):

From: Mike Gabriel <sunweaver@debian.org>
To: Ritesh Raj Sarraf <rrs@debian.org>
Cc: 692529@bugs.debian.org, Daniel McDougall <daniel.mcdougall@liftoffsoftware.com>
Subject: Re: Still work in progress (gateone ITP)?
Date: Fri, 08 Nov 2013 22:48:00 +0000
[Message part 1 (text/plain, inline)]
Control: owner -1 Mike Gabriel <sunweaver@debian.org>

On  Fr 08 Nov 2013 17:19:55 CET, Ritesh Raj Sarraf wrote:

> On Friday 08 November 2013 04:17 PM, Mike Gabriel wrote:
>> Hi Ritesh Raj,
>>
>> I just wanted to post an ITP for gate(-)one and I just in time
>> realized that there already is this ITP open.
>>
>> Are you still active on packaging this? Or are you waiting for 1.2 to
>> appear? (I just got personal communication from Daniel, that 1.2 will
>> be released soon).
>>
>> Please let me know about your plans, otherwise I will be happy to
>> become owner of this ITP.
> Please take it up. I don't have any free time for additional packages
> than what I already have on my list.

Ok. Done.

Mike
-- 

mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunweaver@debian.org, http://sunweavers.net

[Message part 2 (application/pgp-keys, inline)]
[Message part 3 (application/pgp-signature, inline)]

Owner changed from Ritesh Raj Sarraf <rrs@debian.org> to Mike Gabriel <sunweaver@debian.org>. Request was from Mike Gabriel <sunweaver@debian.org> to 692529-submit@bugs.debian.org. (Fri, 08 Nov 2013 22:51:05 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 23:41:07 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.