Re: RFC on file_store()

From: Pavel Machek <pavel ucw cz>
To: Pavel Roskin <proski gnu org>
Cc: mc-devel gnome org
Subject: Re: RFC on file_store()
Date: Tue, 19 Jun 2001 00:46:26 +0200

Hi!

> > > 1) Write fish_server and run it with exec. Maybe even upload fish_server
> > > if it's not on the server.
> >
> > (If you are going to write fish_server, in which language. If in
> > shell, you can just "stream" your fish_server as it is currently
> > done. If other language... and if it is not there?)
> 
> Of course I meant using shell. But at some point it's easier to have a
> separate file. The idea is that the proposed fish server should never
> execute what it gets from the client without examining it for validity.
> 
> If the client and the server share a key (call it a cookie if you want)
> and use it to validate commands, things like executing random commands
> become quite unlikely.
> 
> Instead of a fixed cookie, it should be possible to send MD5 hashes of
> every command to the server and validate them there.

...yup. Ugly as hell ;-).

> But I still don't understand why I can login with ssh, run dd press Ctrl-C
> and kill dd _only_, but MC cannot.

Maybe it is because you are sending control-c while user control-c
generates signal and that is sent out-of-band? [Not sure it really
works like that.]
								Pavel
-- 
I'm pavel ucw cz  "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents at discuss linmodems org

References:
- Re: RFC on file_store()
  - From: Pavel Machek
- Re: RFC on file_store()
  - From: Pavel Roskin

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]