[IPython-dev] "Unsigned Message" error in a forking kernel manager

Jason Grout jason-sage at creativetrax.com
Tue May 29 19:36:38 EDT 2012


On 5/29/12 6:04 PM, Jason Grout wrote:
> On 5/29/12 3:36 PM, Fernando Perez wrote:
>> Hi Jason,
>>
>> On Tue, May 29, 2012 at 1:08 PM, Jason Grout
>> <jason-sage at creativetrax.com>   wrote:
>>> Is there a key or something that I should be
>>> doing to "sign" my messages?  If someone could give this a quick
>>> look-over and see if there are any obvious problems, that would be great.
>>
>> Yes, kernels sign their messages, to make it harder for other
>> processes in the same machine to send them arbitrary commands
>> (remember, our protocol is openly explained, so without this any
>> ipython process would basically be a user shell listening on a  port
>> for the first clown to say 'rm -rf $HOME').  See the code in
>> zmq/session.py around line 423 for the signing, and the key is a
>> member of the Session class which you can change/reassign (which will
>> trigger a recomputation of the auth field used to sign the messages,
>> see line 298).
>
> Thanks.  I remember being a part of the original authentication
> conversation last year (we implemented the same thing for the sage cell
> server).  The question is: how do I get the key the kernel expects
> messages to be signed with?  Should I be initializing the kernel with
> that?  If so, how should I initialize a kernel to use a specific key for
> its sessions?  It seems that the initializing code is in the KernelApp
> class in kernelapp.py.  If I understand traits correctly, the various
> *_port traits can be initialized by passing in keyword arguments into
> the constructor, and that is how the ports are being correctly
> initialized in my gist.  However, the key for the session seems to be
> only initialized if I read a connection file (in load_connection_file).
>    So a more specific question is: can I initialize a session key using
> embed_kernel using just the arguments to embed_kernel?  Or equivalently,
> using just initialization arguments to KernelApp, can I set the kernel's
> session key?

Just a follow-up: changing the first few lines of embed_kernel to:

     if IPKernelApp.initialized():
         app = IPKernelApp.instance()
     else:
         app = IPKernelApp.instance(**kwargs)
         if key:
             app.config.Session.key=key
         app.initialize([])


and adding a `key` keyword argument to embed_kernel seems to work. 
Should I submit a pull request, or is there a better way to do this?

Thanks,

Jason





More information about the IPython-dev mailing list