[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]

Re: limiting consoles features

Sven 'Darkman' Michels sven@darkman.de
Sun, 24 Apr 2005 11:30:15 -0700 (PDT)

Bryan Stansell wrote:
ah...very true.  a limited login isn't quote available with that bit of
code there.  if you can get them to run the console client on a host
they should have full access to, then it wouldn't be bad (since the
command is run on the client side).

Right, but for now i want to build something like a "end user console server", so the user normaly don't need/have access on the box, too.

but, i do understand your point, and i can see the need for a switch to
be able to turn this off.  for now, if you remove (or comment out or #if
it away or whatever) the case statement on line 3620 of
conserver/group.c (the '|' one), you'll disable the feature.  the only
other bit of diddying up you might want to do is also remove the
reference on line 421 of conserver/client.c (the help message).

yeah, that was what i tought of (changeing the code ;) - maybe i will remove other things, too (like the switch of the console, cause we don't use authentication at this level anymore..) - may thanks for the codelines! :)

i'll make sure either a run-time or compile-time (or both) switch is put
in for the next release to turn this off so things can be more secure.

What about a switch to disable a few features? so you can call console with -X or so and it won't provide such features then (but you would need a compile option, too, if someone is allowed to spec the console call itself..)

Thanks for your reply!
With kind regards,