You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by Lyor Goldstein <lg...@apache.org> on 2019/04/08 18:26:09 UTC
Re: commands filter
>> is it possibleto filter remote commands, i.e. I want to reject to
execute some dangerous commands like "rm"
Seems relatively straightforward - since you are a proxy, then I assume you
present your "server" face to the potential clients whose dangerous
commands you want to filter. There are actually 2 command "paths" that can
pass through your proxy facade:
* A single command - as an EXEC channel - easy to handle - you register a
CommandFactory and examine the command you are asked to execute. If it is
deemed "dangerous" then you can close the channel, or return an error exit
code - whatever. Note that this cannot prevent execution of aliases of
dangerous commands or scripts that contain dangerous commands in them
* As a SHELL channel - this is a bit trickier - what you have to do is to
intercept the STDIN and examine the commands before you pass them on to the
real shell for execution. The problem here is more complex since the savvy
user can ask to execute a script instead of a command, and embed the
dangerous commands in the script.
Hope this helps.
Re: commands filter
Posted by bruce <30...@qq.com>.
lgoldstein
Thank you for your soonest reply.
I sure the Shell Channel is I needed. I think the dangerous command
embed in the script is accectble in my case. The method your recommanded
Intercept the STDIN was I considered, my implement is as follow:
I implements the class ChannelDataReceiver and override its member
function
public int data(ChannelSession channel, byte[] buf, int start,
int len)
and then intercept the bytes in the buf.
But I found the Arrow keys (↑ ↓) is diffcult to treat. When I input
"↑", it means the lastest input in history commands(e.g "pwd") will execute
in remote host,but I only catched the char "↑" by intercepting the STDIN.
Dear lgodstein, so how to treat the arrow keys or any other more
effective method could audit the commands
Best Regards
Bruce (行水)
--
Sent from: http://apache-mina.10907.n7.nabble.com/Apache-MINA-Developer-Forum-f6809.html
Re: commands filter
Posted by bruce <30...@qq.com>.
lgoldstein, Thank You!
--
Sent from: http://apache-mina.10907.n7.nabble.com/Apache-MINA-Developer-Forum-f6809.html