ASSS Questions - ?ls Bak - Thu May 19, 2005 7:34 am Post subject: ?ls
a ?ls command would be handy and would complement ?pwd and ?cd well
i88gerbils - Fri May 20, 2005 9:04 am Post subject:
We could do something like this so ?ls outputs the samething everytime!
Permissions Who Group Size Date What
-rwxrwxrwx Bak losers 0in None Dick
Solo Ace - Fri May 20, 2005 9:11 am Post subject:
Then i99gerbils probably wants something to ?touch youngboys.
Mr Ekted - Fri May 20, 2005 9:15 am Post subject:
/usr/bin/solo < lol.txt
Mine GO BOOM - Sat May 21, 2005 2:52 pm Post subject: Topic split to try and keep this on track. Keep the good unix jokes, got rid of the other crap.
A ?ls or ?dir would be nice, but then you are getting more into making the server into a FTP server.
SamHughes - Sun May 22, 2005 12:26 pm Post subject:
Or a more general
?!command
which executes a shell command. E.g.
?!ls
?!perl -e 'print "Hello, world!\n";'
with stdout getting routed back for the user's eyes only. And if you want the output sent as a public message, maybe
?@perl -e 'print "This is a computationally expensive public message!\n";'
And other characters besides @ and ! could produce arena messages, etcetera.
Maverick - Sun May 22, 2005 12:34 pm Post subject:
?!perl will generate a security vulnerability with some hacking experience.
Esp. on linux.
Dr Brain - Sun May 22, 2005 12:38 pm Post subject:
?!rm -rf /
SamHughes - Sun May 22, 2005 12:47 pm Post subject:
Well, I suppose that would only be for trusted parties
And yah, if somebody wanted stuff like that they could just set up an SSH.
rm -rf /? Who said anything about running the command as root?
Grelminar - Sun May 22, 2005 4:28 pm Post subject:
Well, if exec.py is loaded, you can do ?py os.system("..."). You won't get stdout, though, unless you capture it in python. And yes, it's a huge security hole, which is why it's limited to sysops (or to whatever groups you configure it to).
D1st0rt - Sun May 22, 2005 6:30 pm Post subject:
Even if you're chrooted, I would think rm -rf / would delete the whole zone?
Solo Ace - Tue May 24, 2005 6:26 pm Post subject:
Uh you don't need any "hacking experience" for that, it is a security hole even without any hacking experience, you already have a commandline from the start.
You're right D1st0rt.
Anyway, all of this is obvious, why bother to post? Smong - Tue May 24, 2005 7:18 pm Post subject:
An idea I've had for sometime is to be able to assign a directory access list to a group. That way you can only do the file commands such as ?putfile in certain directories (fx: arenas/someplayersdevarena). This would also add security to a possible ?ls command.
