in reply to Run arbitrary UNIX commands on webserver without telnet
While I think we can all agree that telnet is NOT perfect, I don't think it's wise to allow people to post to a CGI script, and then running arbitary commands on a server.
Even if you are using authenication/authorisation to restrict people from using this script, and the script runs with limited priviledges, and is sandboxed off from the rest of the web server, I still think it's not wise.
If your hosting company doesn't allow SSH or Telnet then I think a better host is a better solution than a script like this.
I've just seen your caveat, I'm pleased you think it's dangerous, I still thinks it's a dangerous thing to do, even if only temporarily.
|
---|
Replies are listed 'Best First'. | |
---|---|
Re(dmm): Run arbitrary UNIX commands on webserver without telnet
by dmmiller2k (Chaplain) on Oct 30, 2001 at 23:41 UTC | |
by rrwo (Friar) on Nov 08, 2001 at 10:01 UTC | |
by dmmiller2k (Chaplain) on Nov 08, 2001 at 20:32 UTC |
In Section
Craft