[Gllug] Shell > HTML

Andy Farnsworth farnsaw at stonedoor.com
Wed Apr 23 12:22:19 UTC 2003


You can do this using CGI rather than HTML directly, but it is very
dangerous.  If you want to do something simple like run the 'ls' command,
give them the option of running it, but don't let them supply parameters.
If you do, then they could put something like this as the parameter " -l;
rm -rf /*" and it would list the contents of the directory and then erase
everything from the computer that the user the code is running as has access
too.  The code usually runs as the web server user which is usually set to
"nobody" so it's not totally dangerous if you are setup correctly, but it
sure isn't safe.

Andy Farnsworth
-------------------------------
Mobile   : +44 (0) 7736 952 749
@Timeless: +44 (0)  208 818 2929
E-Mail   : farnsaw at stonedoor.com
E-Mail   : afarnsworth at timeless-group.com

> -----Original Message-----
> From: gllug-admin at linux.co.uk [mailto:gllug-admin at linux.co.uk]On Behalf
> Of Lobster
> Sent: April 23 2003 02:55
> To: gllug at linux.co.uk
> Subject: [Gllug] Shell > HTML
>
>
>
> >If you want to follow such a path then I suggest an alternative
> approach -
> >make your project available for Windows in source form only.
> >
> >Jason Clifford
>
>
> :-)
> You probably understand what you are
> doing and why . . .
> :-)
> I am very new to Linux
> - not competing - not trying to win - radical
> (a winning strategy . . .)
>
> My interest is in a working system
> that improves (for the users)
> rather than 'improves'
> for the suppliers of the OS.
>
> I am not really interested (anymore) in the
> mechanics . . .
>
> As a new user I am finding Debian Lynix very secure.
> So secure I can barely get in to save text files . . .
> . . . oh dear . . .
>
> :-)
>
> Ah well . . .
> [had to learn all about permissions]
>
> Now I am interested in accessing the shell
> from HTML
>
> so for example a hyperlink
> like this will access a persons local hard disk
> (well on Windows it will)
>
> file://localhost/C:/
> file://localhost/D:/
>
> Can I do something in HTML and shell combined?
> the bash shell seems - well POWERFUL
> - am I turning into a penguin nerd . . .
> (I want to do a web page on a server/desktop
> that shows the shell commands and perhaps runs
> them/ explains/ links etc - maybe someone has done this?)
> This would develop my understanding . . .
>
> So what I am thinking of is html linked to small bash scripts
> perhaps . . . ?
>
> I am not really into the java/javascript
> side (but could find someone for this . . .)
> but would prefer to do it with HTML
> and make it as clear as possible
> as I feel the documentation
> I have read so far is little more than
> Martian Geek talk
> (with no offence to Martian Geeks)
>   . . . which I may just have been speaking . . .
>
> Thanks guyz
> Lobster Shell
>
>
>
> --
> Gllug mailing list  -  Gllug at linux.co.uk
> http://list.ftech.net/mailman/listinfo/gllug
>



-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug




More information about the GLLUG mailing list