gsamokovarov/web-console-rails3

Console started, but error with input


Hi, I launched web console in my environment, but the Chrome console showed me an error whenever I tried to type any letter. What does it mean? Do I need web-console-pry or what?

Error:

PUT http://example.com/console/console_sessions/11116/input 500 (Internal Server Error) application-f4097932c36033c017102e840e12e987.js:33
s.sendInput application-f4097932c36033c017102e840e12e987.js:33
e.emit application-f4097932c36033c017102e840e12e987.js:32
(anonymous function) application-f4097932c36033c017102e840e12e987.js:33
e.emit application-f4097932c36033c017102e840e12e987.js:32
t.handler application-f4097932c36033c017102e840e12e987.js:32
t.keyPress application-f4097932c36033c017102e840e12e987.js:32
(anonymous function) application-f4097932c36033c017102e840e12e987.js:32

Ruby -v = ruby 2.0.0p195
Rails -v = 3.2.14
Gemfile:

  gem 'web-console-rails3', :platforms => :ruby

It means that something blew up inside of web-console :) Can you give me a little bit more context? Is there a stack trace somewhere in the logs that you can post for me to review?

[2014-07-07 22:14:24 +0200] [beta.example.vps] [3b2e8939296d5f09d8bf064d15928d73] 
IOError (not opened for writing):
  web-console-rails3 (1.0.4) lib/web_console/slave.rb:48:in `write'
  web-console-rails3 (1.0.4) lib/web_console/slave.rb:48:in `putc'
  web-console-rails3 (1.0.4) lib/web_console/slave.rb:48:in `block in send_input'
  web-console-rails3 (1.0.4) lib/web_console/slave.rb:48:in `each_char'
  web-console-rails3 (1.0.4) lib/web_console/slave.rb:48:in `send_input'
  web-console-rails3 (1.0.4) app/models/web_console/console_session.rb:71:in `public_send'
  web-console-rails3 (1.0.4) app/models/web_console/console_session.rb:71:in `block in delegate_and_call_slave_method'
  web-console-rails3 (1.0.4) app/models/web_console/console_session.rb:81:in `public_send'
  web-console-rails3 (1.0.4) app/models/web_console/console_session.rb:81:in `delegate_and_call_slave_method'
  web-console-rails3 (1.0.4) app/models/web_console/console_session.rb:86:in `method_missing'
  web-console-rails3 (1.0.4) app/controllers/web_console/console_sessions_controller.rb:19:in `input'
  actionpack (3.2.14) lib/action_controller/metal/implicit_render.rb:4:in `send_action'
  actionpack (3.2.14) lib/abstract_controller/base.rb:167:in `process_action'
  actionpack (3.2.14) lib/action_controller/metal/rendering.rb:10:in `process_action'
  actionpack (3.2.14) lib/abstract_controller/callbacks.rb:18:in `block in process_action'
  activesupport (3.2.14) lib/active_support/callbacks.rb:414:in `_run__418408332383479215__process_action__4343855460991005147__callbacks'
  activesupport (3.2.14) lib/active_support/callbacks.rb:405:in `__run_callback'
  activesupport (3.2.14) lib/active_support/callbacks.rb:385:in `_run_process_action_callbacks'
  activesupport (3.2.14) lib/active_support/callbacks.rb:81:in `run_callbacks'
  actionpack (3.2.14) lib/abstract_controller/callbacks.rb:17:in `process_action'
  actionpack (3.2.14) lib/action_controller/metal/rescue.rb:29:in `process_action'
  actionpack (3.2.14) lib/action_controller/metal/instrumentation.rb:30:in `block in process_action'
  activesupport (3.2.14) lib/active_support/notifications.rb:123:in `block in instrument'
  activesupport (3.2.14) lib/active_support/notifications/instrumenter.rb:20:in `instrument'
  activesupport (3.2.14) lib/active_support/notifications.rb:123:in `instrument'
  actionpack (3.2.14) lib/action_controller/metal/instrumentation.rb:29:in `process_action'
  actionpack (3.2.14) lib/action_controller/metal/params_wrapper.rb:207:in `process_action'
  activerecord (3.2.14) lib/active_record/railties/controller_runtime.rb:18:in `process_action'
  actionpack (3.2.14) lib/abstract_controller/base.rb:121:in `process'
  actionpack (3.2.14) lib/abstract_controller/rendering.rb:45:in `process'
  actionpack (3.2.14) lib/action_controller/metal.rb:203:in `dispatch'
  actionpack (3.2.14) lib/action_controller/metal/rack_delegation.rb:14:in `dispatch'
  actionpack (3.2.14) lib/action_controller/metal.rb:246:in `block in action'
  actionpack (3.2.14) lib/action_dispatch/routing/route_set.rb:73:in `call'
  actionpack (3.2.14) lib/action_dispatch/routing/route_set.rb:73:in `dispatch'
  actionpack (3.2.14) lib/action_dispatch/routing/route_set.rb:36:in `call'
  journey (1.0.4) lib/journey/router.rb:68:in `block in call'
  journey (1.0.4) lib/journey/router.rb:56:in `each'
  journey (1.0.4) lib/journey/router.rb:56:in `call'
  actionpack (3.2.14) lib/action_dispatch/routing/route_set.rb:608:in `call'
  railties (3.2.14) lib/rails/engine.rb:484:in `call'
  railties (3.2.14) lib/rails/railtie/configurable.rb:30:in `method_missing'
  journey (1.0.4) lib/journey/router.rb:68:in `block in call'
  journey (1.0.4) lib/journey/router.rb:56:in `each'
  journey (1.0.4) lib/journey/router.rb:56:in `call'
  actionpack (3.2.14) lib/action_dispatch/routing/route_set.rb:608:in `call'
  meta_request (0.3.0) lib/meta_request/middlewares/app_request_handler.rb:13:in `call'
  rack-contrib (1.1.0) lib/rack/contrib/response_headers.rb:17:in `call'
  meta_request (0.3.0) lib/meta_request/middlewares/headers.rb:16:in `call'
  meta_request (0.3.0) lib/meta_request/middlewares/meta_request_handler.rb:13:in `call'
  warden (1.2.3) lib/warden/manager.rb:35:in `block in call'
  warden (1.2.3) lib/warden/manager.rb:34:in `catch'
  warden (1.2.3) lib/warden/manager.rb:34:in `call'
  actionpack (3.2.14) lib/action_dispatch/middleware/best_standards_support.rb:17:in `call'
  rack (1.4.5) lib/rack/etag.rb:23:in `call'
  rack (1.4.5) lib/rack/conditionalget.rb:35:in `call'
  actionpack (3.2.14) lib/action_dispatch/middleware/head.rb:14:in `call'
  actionpack (3.2.14) lib/action_dispatch/middleware/params_parser.rb:21:in `call'
  actionpack (3.2.14) lib/action_dispatch/middleware/flash.rb:242:in `call'
  rack (1.4.5) lib/rack/session/abstract/id.rb:210:in `context'
  rack (1.4.5) lib/rack/session/abstract/id.rb:205:in `call'
  actionpack (3.2.14) lib/action_dispatch/middleware/cookies.rb:341:in `call'
  dragonfly (0.9.15) lib/dragonfly/cookie_monster.rb:9:in `call'
  activerecord (3.2.14) lib/active_record/query_cache.rb:64:in `call'
  activerecord (3.2.14) lib/active_record/connection_adapters/abstract/connection_pool.rb:479:in `call'
  actionpack (3.2.14) lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
  activesupport (3.2.14) lib/active_support/callbacks.rb:405:in `_run__1819771464729389842__call__2592976895115111773__callbacks'
  activesupport (3.2.14) lib/active_support/callbacks.rb:405:in `__run_callback'
  activesupport (3.2.14) lib/active_support/callbacks.rb:385:in `_run_call_callbacks'
  activesupport (3.2.14) lib/active_support/callbacks.rb:81:in `run_callbacks'
  actionpack (3.2.14) lib/action_dispatch/middleware/callbacks.rb:27:in `call'
  actionpack (3.2.14) lib/action_dispatch/middleware/remote_ip.rb:31:in `call'
  /home/hotelweb/domains/beta.hotelweb/shared/bundle/ruby/2.0.0/bundler/gems/better_errors-07c117c7cd7e/lib/better_errors/middleware.rb:58:in `call'
  actionpack (3.2.14) lib/action_dispatch/middleware/debug_exceptions.rb:16:in `call'
  actionpack (3.2.14) lib/action_dispatch/middleware/show_exceptions.rb:56:in `call'
  railties (3.2.14) lib/rails/rack/logger.rb:32:in `call_app'
  railties (3.2.14) lib/rails/rack/logger.rb:16:in `block in call'
  activesupport (3.2.14) lib/active_support/tagged_logging.rb:22:in `tagged'
  railties (3.2.14) lib/rails/rack/logger.rb:16:in `call'
  actionpack (3.2.14) lib/action_dispatch/middleware/request_id.rb:22:in `call'
  rack (1.4.5) lib/rack/methodoverride.rb:21:in `call'
  rack (1.4.5) lib/rack/runtime.rb:17:in `call'
  activesupport (3.2.14) lib/active_support/cache/strategy/local_cache.rb:72:in `call'
  rack (1.4.5) lib/rack/lock.rb:15:in `call'
  rack-cache (1.2) lib/rack/cache/context.rb:136:in `forward'
  rack-cache (1.2) lib/rack/cache/context.rb:143:in `pass'
  rack-cache (1.2) lib/rack/cache/context.rb:155:in `invalidate'
  rack-cache (1.2) lib/rack/cache/context.rb:71:in `call!'
  rack-cache (1.2) lib/rack/cache/context.rb:51:in `call'
  dragonfly (0.9.15) lib/dragonfly/middleware.rb:13:in `call'
  rack-cache (1.2) lib/rack/cache/context.rb:136:in `forward'
  rack-cache (1.2) lib/rack/cache/context.rb:143:in `pass'
  rack-cache (1.2) lib/rack/cache/context.rb:155:in `invalidate'
  rack-cache (1.2) lib/rack/cache/context.rb:71:in `call!'
  rack-cache (1.2) lib/rack/cache/context.rb:51:in `call'
  railties (3.2.14) lib/rails/engine.rb:484:in `call'
  railties (3.2.14) lib/rails/application.rb:231:in `call'
  railties (3.2.14) lib/rails/railtie/configurable.rb:30:in `method_missing'
  /usr/local/rvm/gems/ruby-1.9.3-p194/gems/passenger-4.0.18/lib/phusion_passenger/rack/thread_handler_extension.rb:77:in `process_request'
  /usr/local/rvm/gems/ruby-1.9.3-p194/gems/passenger-4.0.18/lib/phusion_passenger/request_handler/thread_handler.rb:140:in `accept_and_process_next_request'
  /usr/local/rvm/gems/ruby-1.9.3-p194/gems/passenger-4.0.18/lib/phusion_passenger/request_handler/thread_handler.rb:108:in `main_loop'
  /usr/local/rvm/gems/ruby-1.9.3-p194/gems/passenger-4.0.18/lib/phusion_passenger/request_handler.rb:441:in `block (3 levels) in start_threads'

Hey, sorry for the late response. Will look up the issue later on tonight.

By the way, is that a live server you are trying to attach the console to? Is it run through an httpd/nginx proxy? As a good rule of thumb, don't try to use that on non-development servers, it's really insecure.

Thanks!
Yes, that is a live server running through an nginx proxy.

Yes, we know, but I have a Windows development machine and we sometimes need to fix a problem on the beta env, where there is a different database and a Unix OS. We will not use it in the production env.
Could you explain to me why this is so dangerous? What could happen, for example? I can't imagine this in depth...

You can execute any program with the permissions of the user that runs the server. Say you have a deploy user which is used for deploying, but also for running the server. I've seen a couple of Rails shops that run it like this. Now the deploy user has access to the code, can restart a couple of processes, etc.

If you are to run system, fork, etc., you can execute arbitrary code on the server itself with the permissions of the deploy user. Even worse, if you type exec "bash" (or whatever your shell is), you can go and "administrate" the server with the ease of the UNIX shell. For example, someone can read the contents of database.yml and if you have just hard-coded your production database credentials in there, you're in trouble. It's really dangerous.

Now, I suppose the problem is happening because the input PTY stream is closed for writing. Might be because of the environment the server is run in. While I would like to support different servers, if the folks use them for development, I don't wanna encourage people to put the console on live environments. I'll probably add a more understandable error of what's going on.

Ok, you have convinced me... Thx for reply :)
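
One way to enforce the advice given in this thread at the application boundary, as an added example that is not part of the thread or of web-console-rails3: a Rack middleware that answers 404 for the console mount point unless the app runs in development and the peer connects directly over loopback. `ConsoleGuard`, `console_status` and the sample requests are hypothetical and constructed; the `/console` prefix is taken from the URL in the report.

```ruby
require 'ipaddr'

# Added example: hide the console mount point unless the request is a direct
# loopback connection to an app running in development.
class ConsoleGuard
  LOOPBACK = [IPAddr.new('127.0.0.0/8'), IPAddr.new('::1')].freeze

  # environment is passed in explicitly (in a Rails app it would be Rails.env);
  # mount_path '/console' matches the URL in the report. Both are assumptions.
  def initialize(app, environment, mount_path = '/console')
    @app = app
    @environment = environment.to_s
    @mount_path = mount_path.chomp('/')
  end

  def call(env)
    return @app.call(env) unless console_path?(env['PATH_INFO'].to_s)
    return @app.call(env) if allowed?(env)
    [404, { 'Content-Type' => 'text/plain' }, ["Not Found\n"]]
  end

  private

  def console_path?(path)
    path == @mount_path || path.start_with?(@mount_path + '/')
  end

  def allowed?(env)
    return false unless @environment == 'development'
    # Behind a reverse proxy on the same host the peer address is the proxy's,
    # so a forwarded request is refused even when REMOTE_ADDR is loopback.
    return false if env.key?('HTTP_X_FORWARDED_FOR')
    peer = IPAddr.new(env['REMOTE_ADDR'].to_s)
    LOOPBACK.any? { |net| net.include?(peer) }
  rescue ArgumentError # IPAddr parse errors are ArgumentError subclasses
    false
  end
end

# Constructed stand-in for the downstream app, plus a helper returning the status.
APP = ->(_env) { [200, { 'Content-Type' => 'text/plain' }, ['ok']] }

def console_status(environment, env)
  ConsoleGuard.new(APP, environment).call(env)[0]
end
```

Declaring the gem inside `group :development` in the Gemfile keeps it from being loaded in other environments at all; the middleware covers the case where it is loaded anyway.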