Yes, I agree. But one has to guard against the user killing his own sage process. Is it possible to prevent this?
If this is not possible then any solution will be basically equivalent to mine (restarting the sage process of the user). Implemented within sage of course instead of a shell script. Ah: maybe your point is that if the user kills his own sage process he is just shooting himself in the foot? So no special action should be required... Michel On Jun 6, 8:07 pm, "William Stein" <[EMAIL PROTECTED]> wrote: > Hi, > > The better solution -- in the long run -- is that each SAGE worksheet > process starts as a different more limited user. Unfortunately, this > will require significant work to implement -- we'll likely do it > at SD4 next week. > > William > > On 6/6/07, Michel <[EMAIL PROTECTED]> wrote: > > > > > > > Yep this solution seems to work quite well. My son remarked > > that when restarting sage it is necessary to also kill all processes > > run by sageuser. Otherwise sageuser could start a process which > > would be on the lookout for new instances of sage and kill > > these also! > > > Michel > > > On Jun 6, 6:40 pm, Michel <[EMAIL PROTECTED]> wrote: > > > On Jun 6, 2:04 pm, Michel <[EMAIL PROTECTED]> wrote: > > > > > Input from my son who is fascinated by security. > > > > > On my setup at least the notebook user can > > > > kill the sage binary, needing manual intervention > > > > to start it again. > > > > > How to guard against that? > > > > > Michel > > > > Well instead of starting > > > > su - sageuser sage -notebook > > > > inside the jail it seems one can run a little script (as root) > > > > while true > > > do > > > su - sageuser sage -notebook > > > sleep 2 > > > done > > > > The idea is that from the notebook one can kill the sageuser > > > process but not the parent process (which is running as root). > > > So the sageuser process is restarted. > > > > Perhaps sage should do this by itself. I.e. sage should have a daemon > > > mode in which it drops priviledges. > > > > Michel > > -- > William Stein > Associate Professor of Mathematics > University of Washingtonhttp://www.williamstein.org --~--~---------~--~----~------------~-------~--~----~ To post to this group, send email to sage-devel@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/sage-devel URLs: http://sage.scipy.org/sage/ and http://modular.math.washington.edu/sage/ -~----------~----~----~----~------~----~------~--~---
