The Engine of Your Internet is Serious Business

This week, some people are saying some nice things about Twisted.

"A big component to that has been our use of Twisted Python. We're pretty reliant on the Twisted framework, and we use it for our base-line management software that we use to run the great majority of production services that we have, our monitoring infrastructure and the next-generation thing that we have coming, which is a suite of programs that will automate the upgrade process for us," Kelley said.
       Python Slithers into Systems, eWeek.com

"Twisted is one of our favorite pieces of technology. We’ve used it in Sleevenotez, and we had a major project last year, that was unfortunately canned for budget reasons after we’d done about 2 months modelling and spec work, that we designed in Twisted. I’ve been using it for years and I really think it’s one of the finest software systems I’ve ever come across."
       Twisted "ready for the big time", isotoma blog

solve for X


class A(object):
    def m(self, alpha):
        print 'A.m', alpha

class B(A):
    def m(self, alpha, beta):
        print 'B.m', alpha, beta
        super(B, self).m(alpha)

class C(B):
    def m(self, alpha, beta, gamma):
        print 'C.m', alpha, beta, gamma
        super(C, self).m(alpha, beta)

class D(B):
    def m(self, alpha, beta, gamma, delta):
        print 'D.m', alpha, beta, gamma, delta
        super(D, self).m(alpha, beta)

class E(C, D):
    def m(self, alpha, beta, gamma, delta, epsilon):
        print 'E.m', alpha, beta, gamma, delta, epsilon
        x = ???
        super(E, self).m(alpha, *x)

E().m(1, 2, 3, 4, 5)


twistd make me a sandwich

The UNIX security model sucks.

Unfortunately, we are likely to be stuck with it for the next hundred quintillion years, it will outlive the sun and possibly humanity as we flee to other stars and trade our technology to species across the galaxy.  I understand this fact.  I can live with it.

Still, we must be able to do better than the current tools, like sudo.  I have had a variety of Twisted-based ideas for this kicking around in the back of my head for a while.

Imagine a Twisted daemon that ran at boot, seteuid and setegid to "nobody", but retaining root privileges.  spawnProcess already supports switching UIDs for your subprocess.  Instead of running subprocesses directly, you could run a Twisted client program which would connect to the root daemon and ask it to do something for you.

Such a daemon could be used for more than just 'sudo'.  Most of the tasks currently reserved for 'init', such as run-parts, could be run as "nobody" instead, with start-stop-daemon asking to run specific commands as root.  You could eliminate just about every "suid" binary by having all the binaries themselves be non-SUID, but distributed with security rules that allow their execution in specific restricted contexts.

Since security rules could be implemented in Python, it would be easy to have flexible policy declarations, like, "/usr/bin/foobar can always run /usr/sbin/bazqux processes as the 'foobar' user when run by people in the 'xyz' group".  This avoids giving unrestricted system access to either members of the 'xyz' group, or anyone who can exploit the 'foobar' executable.  Ideally programs could be distributed with their own security rules rather than, as sudo does, making separating privileges the administrator's responsibility.

Of course I have no time to implement this, nor to advocate it to the dozens of very high-profile projects which would need to adopt it in order for it to be useful.  I wish that I could, though, every time sudo lets me run two commands as root in a row because it would be too inconvenient to type my password a second time.