Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change
 
PerlMonks  

Re^2: log the ip of the executor

by Fletch (Bishop)
on Apr 20, 2006 at 12:05 UTC ( [id://544575]=note: print w/replies, xml ) Need Help??


in reply to Re: log the ip of the executor
in thread log the ip of the executor

Of course if the user can in any way manipulate the environment SSH_CLIENT would be of no use. Only trust it if the user can only run this one command via ssh (e.g. using OpenSSH's ability to limit what a user can run via the ~/.ssh/authorized_keys file), and then I'd still be paranoid.

Replies are listed 'Best First'.
Re^3: log the ip of the executor
by Gilimanjaro (Hermit) on Apr 20, 2006 at 14:53 UTC

    Well yeah... Naturally...

    I'm assuming that the SSH-aspect of it all is securely setup. Even the fact that ssh is being used is an assumption.

    The only way to circumevent evildoing like this, would be to look up the process-tree for the ssh-process that we got forked of off, and get the uid/pid that process is running under, and check netstat for the connection details I suppose...

    But the setup itself is quite dangerous; menu.pl has to be VERY tight as it's running root... Hopefully the OP is using taint mode, and untainting properly...

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://544575]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others surveying the Monastery: (4)
As of 2024-03-29 12:09 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found