|
On Wed, 15 Mar 2006, Rich Duzenbury wrote:
If one is silly enough to create a /root/.tn5250rc file AND enable remote commands, then I think one may indeed get what one deserves.
I agree. People don't USUALLY connect to untrusted iSeries systems. They usually connect to their own companies, or their clients, where they can trust the people who run the system not to run harmful commands.
Even if they didn't trust the system, the ability to run these commands is turned OFF by default, anyway.
You'd have to knowingly enable STRPCCMD, then knowingly connect to an untrusted system, AND you'd have to do it as root. Seems kinda silly to add protection against that scenario. If that scenario comes up, it's probably on purpose. You probably WANTED to have your remote commands run as root in that case.
If there are harmful commands that someone put on an iSeries to attack a 5250 client that connects, I'd suspect that they'd be designed for Windows clients, anyway :)
But if others feel strongly about this, we could add a new option called +allow_strpccmd_as_root (or some abbreviation of that) in addition to the +allow_strpccmd. That way, if you really wanted to allow them to run as root, you'd have that option. But you'd never do it by mistake.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.