Redirections and the execute command let the user read and write files
and run programs on the local system.
Restricted mode prevents such access. This is useful when you want to
grant somebody access to just Empire, but not to the host system's
user account that runs the client.
Signed-off-by: Marisa Giancarla <fstltna@me.com>
Signed-off-by: Markus Armbruster <armbru@pond.sub.org>
.B \-k
If someone else is connected to your country, kill their connection.
.TP
.B \-k
If someone else is connected to your country, kill their connection.
.TP
+.B \-r
+Restricted mode: disable redirections and execute command.
+.TP
.BI \-s " [host:]port"
Specify server \fIhost\fR and \fIport\fR.
.TP
.BI \-s " [host:]port"
Specify server \fIhost\fR and \fIport\fR.
.TP
printf("Usage: %s [OPTION]...[COUNTRY [PASSWORD]]\n"
" -2 FILE Append log of session to FILE\n"
" -k Kill connection\n"
printf("Usage: %s [OPTION]...[COUNTRY [PASSWORD]]\n"
" -2 FILE Append log of session to FILE\n"
" -k Kill connection\n"
+ " -r Restricted mode, no redirections\n"
" -s [HOST:]PORT Specify server HOST and PORT\n"
" -u Use UTF-8\n"
" -h display this help and exit\n"
" -s [HOST:]PORT Specify server HOST and PORT\n"
" -u Use UTF-8\n"
" -h display this help and exit\n"
- while ((opt = getopt(argc, argv, "2:ks:uhv")) != EOF) {
+ while ((opt = getopt(argc, argv, "2:krs:uhv")) != EOF) {
switch (opt) {
case '2':
auxfname = optarg;
switch (opt) {
case '2':
auxfname = optarg;
case 'k':
send_kill = 1;
break;
case 'k':
send_kill = 1;
break;
+ case 'r':
+ restricted = 1;
+ break;
case 's':
port = strdup(optarg);
colon = strrchr(port, ':');
case 's':
port = strdup(optarg);
colon = strrchr(port, ':');
extern int input_fd;
extern int send_eof;
extern FILE *auxfp;
extern int input_fd;
extern int send_eof;
extern FILE *auxfp;
#ifdef HAVE_CURSES_TERMINFO
void getsose(void);
#ifdef HAVE_CURSES_TERMINFO
void getsose(void);
int eight_bit_clean;
FILE *auxfp;
int eight_bit_clean;
FILE *auxfp;
static FILE *redir_fp;
static int redir_is_pipe;
static FILE *redir_fp;
static int redir_is_pipe;
{
size_t seen = seen_input(arg);
{
size_t seen = seen_input(arg);
+ if (restricted) {
+ fprintf(stderr, "Can't %s in restricted mode\n", attempt);
+ return 0;
+ }
+
if (executing) {
fprintf(stderr, "Can't %s in a batch file\n", attempt);
return 0;
if (executing) {
fprintf(stderr, "Can't %s in a batch file\n", attempt);
return 0;