client: New option -r for restricted mode

Redirections and the execute command let the user read and write files and run programs on the local system. Restricted mode prevents such access. This is useful when you want to grant somebody access to just Empire, but not to the host system's user account that runs the client. Signed-off-by: Marisa Giancarla <fstltna@me.com> Signed-off-by: Markus Armbruster <armbru@pond.sub.org>
2013-12-07 16:43:13 +01:00 · 2013-12-07 16:43:13 +01:00 · 0a6eb70b28
commit 0a6eb70b28
parent 89b76644b2
4 changed files with 16 additions and 2 deletions
--- a/src/client/main.c
+++ b/src/client/main.c
@ -69,6 +69,7 @@ print_usage(char *program_name)
    printf("Usage: %s [OPTION]...[COUNTRY [PASSWORD]]\n"
 	   "  -2 FILE         Append log of session to FILE\n"
 	   "  -k              Kill connection\n"
+	   "  -r              Restricted mode, no redirections\n"
 	   "  -s [HOST:]PORT  Specify server HOST and PORT\n"
 	   "  -u              Use UTF-8\n"
 	   "  -h              display this help and exit\n"
@ -92,7 +93,7 @@ main(int argc, char **argv)
    char *colon;
    int sock;

-    while ((opt = getopt(argc, argv, "2:ks:uhv")) != EOF) {
+    while ((opt = getopt(argc, argv, "2:krs:uhv")) != EOF) {
 	switch (opt) {
 	case '2':
 	    auxfname = optarg;
@ -100,6 +101,9 @@ main(int argc, char **argv)
 	case 'k':
 	    send_kill = 1;
 	    break;
+	case 'r':
+	    restricted = 1;
+	    break;
 	case 's':
 	    port = strdup(optarg);
 	    colon = strrchr(port, ':');