Telnet to remote system and format output via web page
Chris Angelico
rosuav at gmail.com
Fri Sep 13 08:55:52 EDT 2013
On Fri, Sep 13, 2013 at 10:31 PM, Jean-Michel Pichavant
<jeanmichel at sequans.com> wrote:
> ----- Original Message -----
>> I would use something like fabric to automatically login to hosts via
>> ssh then parse the data myself to generate static HTML pages in a
>> document root.
>>
>> Having a web app execute remote commands on a server is so wrong in
>> many ways.
>
> Such as ?
It depends exactly _how_ it's able to execute remote commands. If it
can telnet in as a fairly-privileged user and transmit arbitrary
strings to be executed, then any compromise of the web server becomes
a complete takedown of the back-end server. You're basically
circumventing the protection that most web servers employ, that of
running in a highly permissions-restricted user.
On the other hand, if the "execute remote commands" part is done by
connecting to a shell that executes its own choice of command safely,
then you're not forfeiting anything. Suppose you make this the login
shell for the user foo at some-computer:
#!/bin/sh
head -4 /proc/meminfo
You can then telnet to that user to find out how much RAM that
computer has free. It's telnet, it's executing a command on the remote
server... but it's safe. (For something like this, I'd be inclined to
run a specific "memory usage daemon" that takes connections on some
higher port, rather than having it look like a shell, but this is a
viable demo.) I've done things like this before, though using SSH
rather than TELNET.
ChrisA
More information about the Python-list
mailing list