RFC on file_store()
Pavel Machek
pavel at ucw.cz
Mon Jun 18 22:46:26 UTC 2001
Hi!
> > > 1) Write fish_server and run it with exec. Maybe even upload fish_server
> > > if it's not on the server.
> >
> > (If you are going to write fish_server, in which language. If in
> > shell, you can just "stream" your fish_server as it is currently
> > done. If other language... and if it is not there?)
>
> Of course I meant using shell. But at some point it's easier to have a
> separate file. The idea is that the proposed fish server should never
> execute what it gets from the client without examining it for validity.
>
> If the client and the server share a key (call it a cookie if you want)
> and use it to validate commands, things like executing random commands
> become quite unlikely.
>
> Instead of a fixed cookie, it should be possible to send MD5 hashes of
> every command to the server and validate them there.
...yup. Ugly as hell ;-).
> But I still don't understand why I can login with ssh, run dd press Ctrl-C
> and kill dd _only_, but MC cannot.
Maybe it is because you are sending control-c while user control-c
generates signal and that is sent out-of-band? [Not sure it really
works like that.]
Pavel
--
I'm pavel at ucw.cz. "In my country we have almost anarchy and I don't care."
Panos Katsaloulis describing me w.r.t. patents at discuss at linmodems.org
More information about the mc-devel
mailing list