On Mon, Feb 01, 2010 at 04:49:34PM +1300, martin f krafft wrote:
> tags 552321 help moreinfo
> thanks
>
> also sprach Stefan Völkel <b...@bc-bd.org> [2009.12.11.0029 +1300]:
> > after playing around with this, it looks like this will only work
> > as long as the screen session has not been detached.
> [???]
> > Now if you run molly-guard from bash (PID 4986) it will walk up
> > the process hierarchy and _NOT_ encounter ssh, since SCREENs
> > parent is now init.
> >
> > I changed the patch to walk up the process hierarchy and
> > molly-guard the machine if screen or sshd is found.
>
> While I appreciate your work, this is very much going into the
> direction of a hack (if molly-guard isn't a giant hack already).
I guess one could patch /sbin/halt to accept a --hostname parameter:
r...@foo $ /sbin/halt --hostname bar
E: dude, no, wrong machine.
> I was thinking that we should take a different approach: prompt
> UNLESS we can verify that the current tty is local. Any ideas how to
> accomplish that?
Well, this feels to me like trying to prove a negative, which is always hard or
impossible.
The current approach, hackish or not, does state pretty clear what it does do
and
what not. If you run molly-guarded halt from a screen or ssh session it will ask
you for the hostname you want to shutdown.
I think this burns down to, what is it that molly-guard is trying to acomplish?
a) Should it protect you from shuting down a/the wrong _remote_ machine?
or
b) Should it protect you from shuting down _the wrong_ machine?
If a), well it fails when ssh is run from screen, which makes it unusable at
least for me, because it provides me with a false feeling of security.
If b), then it's more of a --hostname approach.
HTH
Stefan
--
Your manuscript is both good and original, but the part that is good is not
original and the part that is original is not good.
-- Samuel Johnson
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
