List Info

Thread: Support for STRPCCMD
Support for STRPCCMD
user name
 2006-03-14 22:50:54 
I added support for STRPCCMD (a command sent to the PC
through the 5250 
data stream) to lib5250.  I just finished committing the
changes.

A few things to note:

a) I disabled this feature by default.  To enable it, set
+allow_strpccmd 
in your tn5250rc file. (or $HOME/.tn5250rc, or command-line
option, etc)

b) I couldn't find any docs for how this is supposed to
work. I hacked it 
together by sniffing the data stream, so please help test
it!  If you know 
where I can find any real docs on this, I'd appreciate it.

c) Because the support is integrated into lib5250, it'll
work with any 
terminal (Win32, Curses, S/Lang, x5250)

d) I wrote code for running the command for POSIX systems
and for Windows. 
I don't know if there are other systems that need this
support, but if 
there are, more code may need to be written.

Please try it out and report any issues to the mailing list.
 Thanks!

---
Scott Klement  http://www.scottklement.c
om
-- 
This is the Linux 5250 Development Project (LINUX5250)
mailing list
To post a message email: LINUX5250midrange.com
To subscribe, unsubscribe, or change list options,
visit: 
http://lists.midrange.com/mailman/listinfo/linux5250
or email: LINUX5250-requestmidrange.com
Before posting, please take a moment to review the archives
at http://archive
.midrange.com/linux5250.
Support for STRPCCMD
user name
 2006-03-15 00:59:42 
On Tue, 14 Mar 2006, Scott Klement wrote:

> I added support for STRPCCMD (a command sent to the PC
through the 5250
> data stream) to lib5250.  I just finished committing
the changes.

I just looked at the code.  Maybe this is a dumb idea, but
would it be 
good to check that the command to be run isn't going to do
some damage to 
the system?  For example, if running as root perhaps tn5250
could refuse 
to enable the STRPCCMD support, regardless of the config
(obviously with a 
message telling what is going on)?

James Rich

It's not the software that's free; it's you.
 	- billyskank on Groklaw
-- 
This is the Linux 5250 Development Project (LINUX5250)
mailing list
To post a message email: LINUX5250midrange.com
To subscribe, unsubscribe, or change list options,
visit: 
http://lists.midrange.com/mailman/listinfo/linux5250
or email: LINUX5250-requestmidrange.com
Before posting, please take a moment to review the archives
at http://archive
.midrange.com/linux5250.
Support for STRPCCMD
user name
 2006-03-15 15:43:18 
On Tue, 2006-03-14 at 17:59 -0700, James Rich wrote:
> On Tue, 14 Mar 2006, Scott Klement wrote:
> 
> > I added support for STRPCCMD (a command sent to
the PC through the 5250
> > data stream) to lib5250.  I just finished
committing the changes.
> 
> I just looked at the code.  Maybe this is a dumb idea,
but would it be 
> good to check that the command to be run isn't going
to do some damage to 
> the system?  For example, if running as root perhaps
tn5250 could refuse 
> to enable the STRPCCMD support, regardless of the
config (obviously with a 
> message telling what is going on)?

Simple.  Rule 1 of linux/unix - never run as root.

I really like the idea that it has to be enabled in the
config file.  

If one is silly enough to create a /root/.tn5250rc file AND
enable
remote commands, then I think one may indeed get what one
deserves.

Regards,
Rich



-- 
This is the Linux 5250 Development Project (LINUX5250)
mailing list
To post a message email: LINUX5250midrange.com
To subscribe, unsubscribe, or change list options,
visit: 
http://lists.midrange.com/mailman/listinfo/linux5250
or email: LINUX5250-requestmidrange.com
Before posting, please take a moment to review the archives
at http://archive
.midrange.com/linux5250.
Support for STRPCCMD
user name
 2006-03-16 23:03:49 
On Wed, 15 Mar 2006, Rich Duzenbury wrote:
>
> If one is silly enough to create a /root/.tn5250rc file
AND enable
> remote commands, then I think one may indeed get what
one deserves.
>

I agree.  People don't USUALLY connect to untrusted iSeries
systems. They 
usually connect to their own companies, or their clients,
where they can 
trust the people who run the system not to run harmful
commands.

Even if they didn't trust the system, the ability to run
these commands is 
turned OFF by default, anyway.

You'd have to knowingly enable STRPCCMD, then knowingly
connect to an 
untrusted system, AND you'd have to do it as root.  Seems
kinda silly to 
add protection against that scenario.  If that scenario
comes up, it's 
probably on purpose.  You probably WANTED to have your
remote commands run 
as root in that case.

If there are harmful commands that someone put on an iSeries
to attack a 
5250 client that connects, I'd suspect that they'd be
designed for Windows 
clients, anyway 

But if others feel strongly about this, we could add a new
option called 
+allow_strpccmd_as_root  (or some abbreviation of that) in
addition to the 
+allow_strpccmd. That way, if you really wanted to allow
them to run as 
root, you'd have that option.  But you'd never do it by
mistake.

-- 
This is the Linux 5250 Development Project (LINUX5250)
mailing list
To post a message email: LINUX5250midrange.com
To subscribe, unsubscribe, or change list options,
visit: 
http://lists.midrange.com/mailman/listinfo/linux5250
or email: LINUX5250-requestmidrange.com
Before posting, please take a moment to review the archives
at http://archive
.midrange.com/linux5250.
[1-4]

about | contact  Other archives ( Real Estate discussion Medical topics )