For the Psiphon patch (http://www.turnkeylinux.org/forum/general/20110215/psiphon-25-tklpatch) I've been working on, I planned to finish it off by something that I thought was far outside my reach: In the event of DHCP, on everyboot.d run a script to update the proxy table so the interface can be accessed remotely from the local network (and thus run the machine headlessly). The alternative was to configure via webmin and lynx (text-based browser).
I'm remarkably proud of what I came up with based on Alon's mysqlconf.py script. I've come a long way. Nevertheless - I'm told it's a significant security risk and promiscous, even with the logic I intend to add.
I'm looking for an alternative to the script I've attached - an alternative would need to find the LAN ip address of either eth0 or eth1, then update the table 'proxy' in the database 'psiphon' where name = "administrative." It would run from /usr/lib/inithooks/everyboot.d.
I'm definitely not asking someone to do it for me; just wondering how to achieve this without using mysql exec, since I've been warned to shy from it. I'm hoping for a point in the right direction.
On the other hand, would you suggest I continue on this tact and consider it safe enough for now? I can imagine that's a viable answer.
I found ipaddr.py, which possibly could help sanitize what gets put in the table. Perhaps that could mitigate the risk?