Re: RFC on file_store()



Hi, Pavel!

> > 1) Write fish_server and run it with exec. Maybe even upload fish_server
> > if it's not on the server.
>
> (If you are going to write fish_server, in which language? If in
> shell, you can just "stream" your fish_server as it is currently
> done. If other language... and if it is not there?)

Of course I meant using shell. But at some point it's easier to have a
separate file. The idea is that the proposed fish server should never
execute what it gets from the client without examining it for validity.

If the client and the server share a key (call it a cookie if you want)
and use it to validate commands, things like executing random commands
become quite unlikely.

Instead of a fixed cookie, it should be possible to send MD5 hashes of
every command to the server and validate them there.

But I still don't understand why I can log in with ssh, run dd, press Ctrl-C
and kill dd _only_, but MC cannot.

-- 
Regards,
Pavel Roskin
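
The cookie-validated server discussed in this message, sketched as an added example (not code from the thread or from MC): each request line carries a digest over the shared cookie and the command, and the server runs only a fixed verb table against a checked path. The `<tag> <VERB> <path>` line format, the verb names, `FISH_COOKIE`, `FISH_ROOT`, and the use of SHA-256 in place of the MD5 mentioned above are assumptions.

```shell
#!/bin/sh
# Added example, not MC's fish code. Wire format "<tag> <VERB> <path>",
# the verb set, FISH_COOKIE and FISH_ROOT are assumptions for illustration.
FISH_COOKIE=${FISH_COOKIE:-constructed-demo-cookie}  # shared secret (constructed)
FISH_ROOT=${FISH_ROOT:-/tmp}                         # directory the server exposes

# fish_tag CMD: hex digest binding CMD to the shared cookie.
# SHA-256 stands in for the MD5 mentioned in the message.
fish_tag() {
    printf '%s\n%s' "$FISH_COOKIE" "$1" | sha256sum | cut -d' ' -f1
}

# fish_handle LINE: validate one request line, then run the mapped tool.
# Returns 0 = executed, 1 = missing/bad tag, 2 = unknown verb, 3 = bad path.
fish_handle() {
    case "$1" in *" "*) ;; *) return 1 ;; esac
    fh_tag=${1%% *}
    fh_cmd=${1#* }
    [ "$fh_tag" = "$(fish_tag "$fh_cmd")" ] || return 1

    fh_verb=${fh_cmd%% *}
    fh_path=${fh_cmd#* }
    [ "$fh_verb" != "$fh_cmd" ] || fh_path=
    # Map verbs to a fixed argv; client text is never passed to eval or sh -c.
    case "$fh_verb" in
        LIST) set -- ls -1 -- ;;
        RETR) set -- cat -- ;;
        *)    return 2 ;;
    esac
    # Path: non-empty, conservative character set, no ".." anywhere.
    case "$fh_path" in
        ''|*..*|*[!A-Za-z0-9._/-]*) return 3 ;;
    esac
    "$@" "$FISH_ROOT/$fh_path"
}

# "sh thisfile serve" reads request lines from stdin, one per line.
if [ "${1:-}" = serve ]; then
    while IFS= read -r fh_line; do
        fish_handle "$fh_line" || echo "rejected: code $?" >&2
    done
fi
```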




