Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make Flask app contact "deploy agent" instead of sudo'ing Flask #141

Open
zoidyzoidzoid opened this issue Apr 7, 2015 · 3 comments
Open

Make Flask app contact "deploy agent" instead of sudo'ing Flask #141

zoidyzoidzoid opened this issue Apr 7, 2015 · 3 comments

Comments

@zoidyzoidzoid
Copy link
Contributor

"we were chatting about this today and perhaps reducing the "attack surface" on the flask app by having
it send rpc/something to a "deploy agent" running with the required privileges rather than having the
flask app (running as root) itself do the deploy.

Do we even care about it that much if it's going to be on some arbitrary http(s) port?

Once #71 or someone else writing a Flask app is merged.
@stormf
Copy link
Contributor

stormf commented Apr 13, 2015

what if we made the flask app run as a user that is allowed to sudo /path/to/deploy d <app_name>?

@adrianmoisey
Copy link
Contributor

The current version of the flask app just calls deploy directly: https://github.com/yola/yodeploy/pull/71/files#diff-686cfabcd9f0ce5d0eb95fdf5c94d3dfR39

If we wanted to protect ourselves with sudo we would need to call the process directly.

@stormf
Copy link
Contributor

stormf commented Apr 13, 2015

Right I keep forgetting this. Ignore me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@adrianmoisey @stormf @zoidyzoidzoid