Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Provides the functionality needed to operate the pseudo-tty (PTY) allocated to a docker container, using the Python client.
[] (https://travis-ci.org/d11wtq/dockerpty)
Via pip:
pip install dockerpty
Dependencies:
However, this library does not explicitly declare this dependency in PyPi for a number of reasons. It is assumed you have it installed.
The following example will run busybox in a docker container and place the user at the shell prompt via Python.
This obviously only works when run in a terminal.
import docker
import dockerpty
client = docker.Client()
container = client.create_container(
image='busybox:latest',
stdin_open=True,
tty=True,
command='/bin/sh',
)
dockerpty.start(client, container)
Keyword arguments passed to start()
will be forwarded onto the client to
start the container.
When the dockerpty is started, control is yielded to the container's PTY until the container exits, or the container's PTY is closed.
This is a safe operation and all resources are restored back to their original states.
Note: dockerpty does support attaching to non-tty containers to stream container output, though it is obviously not possible to 'control' the container if you do not allocate a pseudo-tty.
If you press C-p C-q
, the container's PTY will be closed, but the container
will keep running. In other words, you will have detached from the container
and can re-attach with another dockerpty.start()
call.
If you want to hack on dockerpty and send a PR, you'll need to run the tests. In the features/ directory, are features/user stories for how dockerpty is supposed to work. To run them:
-bash$ pip install -r requirements-dev.txt
-bash$ behave features/
You'll need to have docker installed and running locally. The tests use busybox container as a test fixture, so are not too heavy.
Step definitions are defined in features/steps/.
There are also unit tests for the parts of the code that are not inherently dependent on controlling a TTY. To run those:
-bash$ pip install -r requirements-dev.txt
-bash$ py.test tests/
Travis CI runs this build inside a UML kernel that is new enough to run docker. Your PR will need to pass the build before I can merge it.
In a terminal, the three file descriptors stdin, stdout and stderr are all
connected to the controlling terminal (TTY). When you pass the tty=True
flag
to docker's create_container()
, docker allocates a fake TTY inside the
container (a PTY) to which the container's stdin, stdout and stderr are all
connected.
The docker API provides a way to access the three sockets connected to the PTY. If with access to the host system's TTY file descriptors and the container's PTY file descriptors, it is trivial to simply 'pipe' data written to these file descriptors between the host and the container. Doing this makes the user's terminal effectively become the pseudo-terminal from inside the container.
In reality it's a bit more complicated than this, since care must be taken to
put the host terminal into raw mode (where keys such as enter are not
interpreted with any special meaning) and restore it on exit. Additionally, the
container's stdout and stderr streams along with sys.stdin
must be made
non-blocking so that they can be used with select()
without blocking the main
process. These attributes are restored on exit.
The size of a terminal cannot be controlled by sending data to stdin and can only be controlled by the terminal program itself. Since the pseudo-terminal is running inside a real terminal, it is import that the size of the PTY be kept the same as that of the presenting TTY. For this reason, docker provides an API call to resize the allocated PTY. A SIGWINCH handler is used to detect window size changes and resize the pseudo-terminal as needed.
Copyright © 2014 Chris Corbyn. See the LICENSE.txt file for details.
FAQs
Python library to use the pseudo-tty of a docker container
We found that dockerpty demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.