Server Help

Bak · Posted: Thu May 19, 2005 7:34 am Post subject: ?ls

a ?ls command would be handy and would complement ?pwd and ?cd well
_________________
SubSpace Discretion: A Third Generation SubSpace Client

i88gerbils · Posted: Fri May 20, 2005 9:04 am Post subject:

We could do something like this so ?ls outputs the samething everytime!

Code: Show/Hide

Permissions Who Group Size Date What
-rwxrwxrwx Bak losers 0in None Dick

_________________
Oldbie Server Help

Solo Ace · Posted: Fri May 20, 2005 9:11 am Post subject:

Then i99gerbils probably wants something to ?touch youngboys.

Mr Ekted · Movie Geek Gender: Joined: Feb 09 2004 Posts: 1379 Offline

/usr/bin/solo < lol.txt
_________________
4,691 irradiated haggis!

Mine GO BOOM · Posted: Sat May 21, 2005 2:52 pm Post subject:

Topic split to try and keep this on track. Keep the good unix jokes, got rid of the other crap.

A ?ls or ?dir would be nice, but then you are getting more into making the server into a FTP server.

SamHughes · Posted: Sun May 22, 2005 12:26 pm Post subject:

Or a more general

?!command

which executes a shell command. E.g.

?!ls
?!perl -e 'print "Hello, world!\n";'

with stdout getting routed back for the user's eyes only. And if you want the output sent as a public message, maybe

?@perl -e 'print "This is a computationally expensive public message!\n";'

And other characters besides @ and ! could produce arena messages, etcetera.

Maverick · Posted: Sun May 22, 2005 12:34 pm Post subject:

?!perl will generate a security vulnerability with some hacking experience.
Esp. on linux.
_________________

Nickname: Maverick (I changed my name!)
TWCore developer | Subspace statistics

Dr Brain · Posted: Sun May 22, 2005 12:38 pm Post subject:

?!rm -rf /
_________________
Hyperspace Owner

Smong> so long as 99% deaths feel lame it will always be hyperspace to me

SamHughes · Posted: Sun May 22, 2005 12:47 pm Post subject:

Well, I suppose that would only be for trusted parties

And yah, if somebody wanted stuff like that they could just set up an SSH.

rm -rf /? Who said anything about running the command as root?

Grelminar · Creator of Asss Joined: Feb 26 2003 Posts: 378 Offline

Well, if exec.py is loaded, you can do ?py os.system("..."). You won't get stdout, though, unless you capture it in python. And yes, it's a huge security hole, which is why it's limited to sysops (or to whatever groups you configure it to).

D1st0rt · Posted: Sun May 22, 2005 6:30 pm Post subject:

Even if you're chrooted, I would think rm -rf / would delete the whole zone?
_________________

Solo Ace · Posted: Tue May 24, 2005 6:26 pm Post subject:

Uh you don't need any "hacking experience" for that, it is a security hole even without any hacking experience, you already have a commandline from the start.

You're right D1st0rt.

Anyway, all of this is obvious, why bother to post?

Smong · Posted: Tue May 24, 2005 7:18 pm Post subject:

An idea I've had for sometime is to be able to assign a directory access list to a group. That way you can only do the file commands such as ?putfile in certain directories (fx: arenas/someplayersdevarena). This would also add security to a possible ?ls command.