
Re: limiting consoles features

Bryan Stansell bryan@conserver.com
Sun, 24 Apr 2005 11:16:19 -0700 (PDT)


ah...very true.  a limited login isn't quite available with that bit of
code there.  if you can get them to run the console client on a host
they should have full access to, then it wouldn't be bad (since the
command is run on the client side).

but, i do understand your point, and i can see the need for a switch to
be able to turn this off.  for now, if you remove (or comment out or #if
it away or whatever) the case statement on line 3620 of
conserver/group.c (the '|' one), you'll disable the feature.  the only
other bit of diddying up you might want to do is also remove the
reference on line 421 of conserver/client.c (the help message).

i'll make sure either a run-time or compile-time (or both) switch is put
in for the next release to turn this off so things can be more secure.

Bryan

On Sun, Apr 24, 2005 at 06:34:34PM +0200, Sven 'Darkman' Michels wrote:
> Hi there,
> 
> i've played with conserver cause i want/need a terminal server like
> solution for consoles. IMHO conserver is great for that, cause it
> supports all i need (different baud rates, multiple servers, logging
> etc.) but one thing is a bit annoying. The exec feature is, at least
> for me, a security risk. If i want to let someone connect to my server,
> he usually gets an ssh account with his shell = console call. So after
> login he immediately will be connected to the console. Now he can use
> the exec feature to exec "things" on my server which i don't want.
> So is there a way to disable some features like that (except for
> changing the source)?
> 
> Regards,
> Sven Michels