Bryan Stansell bryan@conserver.com
Sun, 24 Apr 2005 11:16:19 -0700 (PDT)
ah...very true. a limited login isn't quite available with that bit of code there. if you can get them to run the console client on a host they should have full access to, then it wouldn't be bad (since the command is run on the client side).

but, i do understand your point, and i can see the need for a switch to be able to turn this off. for now, if you remove (or comment out or #if it away or whatever) the case statement on line 3620 of conserver/group.c (the '|' one), you'll disable the feature. the only other bit of diddying up you might want to do is also remove the reference on line 421 of conserver/client.c (the help message).

i'll make sure either a run-time or compile-time (or both) switch is put in for the next release to turn this off so things can be more secure.

Bryan

On Sun, Apr 24, 2005 at 06:34:34PM +0200, Sven 'Darkman' Michels wrote:
> Hi there,
>
> i've played with conserver cause i want/need a terminal server like
> solution for consoles. IMHO conserver is great for that, cause it
> supports all i need (different baud rates, multiple servers, logging
> etc.) but one thing is a bit annoying. The exec feature is, at least
> for me, a security risk. If i want to let someone connect to my server,
> he usually gets an ssh account with his shell = console call. So after
> login he immediately will be connected to the console. Now he can use
> the exec feature to exec "things" on my server which i don't want.
> So is there a way to disable some features like that (except of
> changing the source)?
>
> Regards,
> Sven Michels