[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Mldonkey-bugs] [bug #17456] shell commands broken
From: |
spiralvoice |
Subject: |
[Mldonkey-bugs] [bug #17456] shell commands broken |
Date: |
Fri, 18 Aug 2006 20:58:32 +0200 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; de; rv:1.8.0.6) Gecko/20060810 Firefox/1.5.0.6 |
Follow-up Comment #2, bug #17456 (project mldonkey):
case 2:
allowed_commands = [
(df, df);
(ls, "ls incoming");]
allow_any_command = true
=================================================================
> ! "ls incoming"
directories
files
---------------- Exited with code 0
- This works now with the attached patch
=================================================================
> ! mount
/dev/sdb1 on / type reiserfs (rw,noatime,notail,user_xattr)
...
- This works now with the attached patch
=================================================================
"mldonkey gets the password uncrypted so this would be a major security risk
if it would work ;)"
Because of uncrypted passwords its important users set
allowed_ips to a correct value. With such a good protection
using "!" command should be no problem.
What about having "!" restricted to admin users in multiuser patch?
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?17456>
_______________________________________________
Nachricht geschickt von/durch Savannah
http://savannah.nongnu.org/