Daniel Fisher (lennybacon.com)

SOA, DATA & THE WEB

Python’s urandom as non-admin

A few weeks ago I set up a new mercurial server fronted by “hgweb-cgi”. The application pool is, as python 2.66, in x64 mode. It has a dedicated ad account from the Managed Service Accounts OU. I set the privileges to deny logon locally and run as service and batch. Everything works fine… until you want to push: HTTP 502 Bad Gateway.

IIS failed request tracing lead me to the relevant python source line:

clip_image001

So I opened up the file in notepad and looked at the line…

clip_image002

The “_urandom” is the one that’s breaking the thing. So I took a look at the os.py from the lib directory.

clip_image004

Funky nice UNIX path. So I tried to create the directory “C:\dev\” set permission to everybody “full access” and added a dummy file called “urandom” - Still no success.

I ended up with editing the Random.py:

clip_image005

I’m amazed shocked that I need to edit the base library file.

Comments

Write a comment