Posted: Thu Feb 02, 2006 12:56 pm Post subject: Shell Program Ability!
I'm sorry; I don't mean to be stuffing this board with stupid ideas from me as it starts, but this is something I keep meaning to mention, but never can remember!!!
I use AUX service scripts to let POL initiate things outside of itself. That works great most of the time, but what I would -REALLY- like is the ability for POL to be able to start another process through a shell command. I think this would have a lot of uses!
Author
Message
Yukiko
Joined: 02 Feb 2006 Posts: 1094 Location: Southern Central USA
Posted: Sat Feb 04, 2006 6:44 pm Post subject:
That's a good idea.
I think the devs have tried to keep the emulator as secure as possible so that might create a possible exploit for hackers though. It would be up to the shard developers to be the watchdogs to make sure that they didn't use any script - exe combinations that might be dangerous.
You can imagine how this might playout:
"Hey guys I've scripted this whamo-bango-neato package that uses this script to run this cool program that makes your website interface do eyesplitting graphics. Get it at this link."
Some poor soul downloads it and there's a trojan embedded in the "cool' exe file.
So there would definately be a caveat to using this feature.
I definitely agree that it should come with strong warnings, and perhaps some form of default disabled setting in pol.cfg; In other words, you need to specifically enable it in pol.cfg.
Perhaps even have a config file where you must enter in each specific shell program which might be executed through script.
Finally; if such functionality were available, it would also make it much more important to change the account under which POL runs, IMO. I already make sure POL runs as a limited user, which only has access to the files/folders needed (and NOT system/root), but I imagine most just run POL as system/root... bad!!!
You can allways write a thing that is allways connected to AUX and you can send commands to this thing. I have something like this to downloading latest code from svn and ecompile.
That's what I currently do, but it would be nice not to have to have a whole process running just to sit there and wait for POL to tell it to shell something on its behalf.
I created a Windows service for the purpose, and in fact *I* would still be using that service, because I use it for other things as well (it passes events and information to our web site's database server)... but not everyone will want to (or be able to) actually write a program to do this.
