#! /bin/sh /usr/share/dpatch/dpatch-run
## 10_remove_default_password.dpatch by Sandro Tosi <morph@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: This patch removes the default password from pp code, requiring users to
## DP: explicitly write one; it updates the documentation along the source code
@DPATCH@
diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' parallelpython~/doc/ppdoc.html parallelpython/doc/ppdoc.html
--- parallelpython~/doc/ppdoc.html 2010-07-11 09:29:04.000000000 +0200
+++ parallelpython/doc/ppdoc.html 2010-07-15 18:47:28.987525212 +0200
@@ -43,7 +43,7 @@
-s secret : secret for authentication
-t seconds : timeout to exit if no connections with clients exist
</pre>
-<hr /><h1 id="COMMANDLINE"> Security and secret key<a name="SECURITY" title="SECURITY"></a></h1><p> Due to the security concerns it is highly recommended to run ppserver.py with an non-trivial secret key (-s command line argument) which should be paired with the matching <em>secret</em> keyword of PP Server class constructor. Since PP 1.5.3 it is possible to set secret key by assigning <strong>pp_secret</strong> variable in the configuration file <strong>.pythonrc.py</strong> which should be located in the user home directory (please make this file readable and writable only by user). The secret key set in .pythonrc.py could be overridden by command line argument (for ppserver.py) and <em>secret</em> keyword (for PP Server class constructor). </p>
+<hr /><h1 id="COMMANDLINE"> Security and secret key<a name="SECURITY" title="SECURITY"></a></h1><p>Due to the security concerns, in Debian we decided to disable default password authentication, and require to run <strong>ppserver</strong> with a non-trivial secret key (<trong>-s</strong> command line argument) which should be paired with the matching <em>secret</em> keyword of PP Server class constructor. An alternative way to set a secret key is by assigning <strong>pp_secret</strong> variable in the configuration file <strong>.pythonrc.py</strong> which should be located in the user home directory (please make this file readable and writable only by user). The secret key set in <strong>.pythonrc.py</strong> could be overridden by command line argument (for <strong>ppserver</strong>) and <em>secret</em> keyword (for PP Server class constructor). Note that passing the password on the command line allows every user to see it (e.g. using <strong>ps(1)</strong>), and that running it on an open/untrusted network can be a security problem as traffic, including the password, is not encrypted.</p>
</td>
</tr>
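Review bot: the added paragraph opens the -s option with a misspelled tag, `<trong>-s</strong>`, so the closing `</strong>` has no matching open tag and the markup is malformed; it should read `<strong>-s</strong>`. The same paragraph warns that a secret given on the command line is visible through ps(1), yet it still presents -s first and pp_secret in .pythonrc.py as the alternative; consider recommending the configuration file as the preferred method. "require to run" also reads better as "require running".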
diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' parallelpython~/pp.py parallelpython/pp.py
--- parallelpython~/pp.py 2010-05-30 08:10:29.000000000 +0200
+++ parallelpython/pp.py 2010-07-15 18:52:16.612523852 +0200
@@ -285,7 +285,6 @@
"""
default_port = 60000
- default_secret = "epo20pdosl;dksldkmm"
def __init__(self, ncpus="autodetect", ppservers=(), secret=None,
restart=False, proto=2):
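Review bot: removing the `default_secret` class attribute here breaks any remaining reader of `Server.default_secret`, and the patch as shown only adjusts the one use in `__init__` (the hunk at line 372). Please check the rest of the package for other references before dropping it, since they would now fail with AttributeError. Because `secret=None` stays the default in the signature, callers who relied on the old fallback get no hint from the signature that the argument is now effectively required.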
@@ -296,9 +295,8 @@
the number of processors in the system
ppservers - list of active parallel python execution servers
to connect with
- secret - passphrase for network connections, if omitted a default
- passphrase will be used. It's highly recommended to use a
- custom passphrase for all network connections.
+ secret - passphrase for network connections; it can be set via
+ command-line or configuration file
restart - wheather to restart worker process after each task completion
proto - protocol number for pickle module
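Review bot: the new docstring text for `secret` does not say that the value is now mandatory or that omitting it raises ValueError, which is the behaviour the later hunk introduces. It also points the reader of a constructor docstring to the "command-line", although the constructor itself takes the `secret` keyword. Suggest wording along the lines of "secret - passphrase for network connections; must be passed here or set as pp_secret in .pythonrc.py, otherwise ValueError is raised".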
@@ -372,7 +370,7 @@
raise TypeError("secret must be of a string type")
self.secret = str(secret)
else:
- self.secret = Server.default_secret
+ raise ValueError("secret must be set using command-line option or configuration file")
self.__connect()
self.__creation_time = time.time()
self.logger.info("pp local server started with %d workers"
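Review bot: the new `raise ValueError(...)` in the else branch fires before `self.__connect()` regardless of whether `ppservers` is empty, so a purely local `Server()` with the default `ppservers=()` now fails even though no network connection would use the secret. Consider raising only when `ppservers` is non-empty, or state in the documentation that a secret is required for local use as well. The message names the "command-line option or configuration file" but not the `secret` keyword, which is what a caller of this constructor would actually supply.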