NotionCommotion Posted May 5, 2017 Share Posted May 5, 2017 Trying to do the following: ClientX operating as User123 creates a socket connection to Server, and Server accepts the connection. At some time in the future, Server sends a message telling ClientX to perform some command (i.e. "ls /some/directory/"). ClientX executes the command using exec($request->command) where $request->command="ls /some/directory/". ClientX captures the output of the command, and sends it back to Server. Now, instead of Server requesting ClientX to perform the task "ls /some/directory/", it requests ClientX to perform some task which User123 does not have authority to do such as reboot, etc. Will Server need to send ClientX each command prefixed with "sudo", and possibly useing sudo -S ..., or can this be performed differently? PS. Yes, I will whitelist and recognize this could be dangerous, and don't wish to change User123's permission to normally have permission to do these commands. Quote Link to comment Share on other sites More sharing options...
requinix Posted May 5, 2017 Share Posted May 5, 2017 Your choice. Personally, if the server is telling the client to execute specific commands (not simply "show me the contents of /some/directory", which I think would be better) then the server is the one responsible for deciding what to do if the command is not allowed. Quote Link to comment Share on other sites More sharing options...
NotionCommotion Posted May 5, 2017 Author Share Posted May 5, 2017 Agree it needs to be the server who is responsible, and likely will not even whitelist. I meant to ask an almost totally different question, and instead of modifying this one, will just start over. Thank you for your response. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.