Follow-up Comment #2, bug #17456 (project mldonkey):
case 2:
allowed_commands = [
(df, df);
(ls, "ls incoming");]
allow_any_command = true
=================================================================
> ! "ls incoming"
directories
files
---------------- Exited with code 0
- This works now with the attached patch
=================================================================
> ! mount
/dev/sdb1 on / type reiserfs (rw,noatime,notail,user_xattr)
...
- This works now with the attached patch
=================================================================
"mldonkey gets the password uncrypted so this would be a major security risk
if it would work ;)"
Because of uncrypted passwords its important users set
allowed_ips to a correct value. With such a good protection
using "!" command should be no problem.
What about having "!" restricted to admin users in multiuser patch?
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?17456>
_______________________________________________
Nachricht geschickt von/durch Savannah
http://savannah.nongnu.org/
_______________________________________________
Mldonkey-bugs mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/mldonkey-bugs
