Python's urandom as non-admin
A few weeks ago I set up a new Mercurial server fronted by “hgweb-cgi”. The application pool is, as Python 2.66, in x64 mode. It has a dedicated AD account from the Managed Service Accounts OU. I set the privileges to deny logon locally and run as service and batch. Everything works fine… until you want to push: HTTP 502 Bad Gateway.
IIS failed request tracing led me to the relevant Python source line:
So I opened up the file in Notepad and looked at the line…
The “_urandom” is the one that’s breaking the thing. So I took a look at the os.py from the lib directory.
Funky nice UNIX path. So I tried to create the directory “C:\dev\”, set the permissions to everybody “full access” and added a dummy file called “urandom”. Still no success.
I ended up editing the Random.py:
I’m amazed shocked that I need to edit the base library file.