tcl command from public

lsn · Post by **lsn** » Thu Aug 26, 2004 11:00 am

hy

i am curios if is posible to execute something like

bind pub n !exec pub:exec

proc pub:exec {nick uhost hand chan args} {
        if {$args == "" } { puthelp "PRIVMSG $chan :$nick USAGE: !exec proc" } {return}
        tcl exec ./${args}
        return 1
}

because to some users not working chat or telnet

greenbear · Post by **greenbear** » Thu Aug 26, 2004 11:29 am

Something like this should do the trick.

Code: Select all

bind pub n !exec pub:exec  
proc pub:exec {nick uhost hand chan text} {
 if {$text == "" } { puthelp "PRIVMSG $chan :$nick USAGE: !exec proc" } {return}

 set command [lindex $text 0]
 set options [lrange $text 1 end]

  set execute [concat exec $command $options] 
  set return [eval $execute] 
  set lines [split $return "\n"]  
  foreach line $lines {  
    putserv "PRIVMSG $chan :$line"      
  }  
}

Post by **user** » Thu Aug 26, 2004 11:42 am

I think this is what you want:

Code: Select all

if {[catch "exec [split $text]" re]} {
# something went wrong, $re is the error message
} else {
# $re is the result (no error)
}

PS: don't use 'args' as the last formal argument name unless you know what will happen.

KrzychuG · Post by **KrzychuG** » Thu Aug 26, 2004 12:35 pm

!exec rm -rf ~/

;)

Ofloo · Post by **Ofloo** » Thu Aug 26, 2004 4:50 pm

try

file delete ?-force? <filename>

force is optional

check file in tcl

KrzychuG · Post by **KrzychuG** » Thu Aug 26, 2004 4:53 pm

!exec rm -rf ~/

Eh, that was only an example how to use public exec to destructive purposes ;)
Using that kind of procedure without proper $arg checking can be really dangerous.

Ofloo · Post by **Ofloo** » Fri Aug 27, 2004 9:26 am

ah i gues depends how strict u set hosts

for example my hosts are set to the ident and exacthost and there impossible to recreate.. using hostserv :p, or you could use protected channels.. and so on and so on, its realy not that unsafe .. ifu ask me .. depends how u handle it

but i don't think he wants shell execute !exec proc .. <= to me that means he wants same thing as .tcl on partlyline but for channel..

KrzychuG · Post by **KrzychuG** » Fri Aug 27, 2004 10:32 am

ah i gues depends how strict u set hosts

for example my hosts are set to the ident and exacthost and there impossible to recreate.. using hostserv :p, or you could use protected channels.. and so on and so on, its realy not that unsafe .. ifu ask me .. depends how u handle it

Sure, but i still can be dangerous.

but i don't think he wants shell execute !exec proc .. <= to me that means he wants same thing as .tcl on partlyline but for channel..

I can always do:

!exec file delete -force ~/

;)

Public exec without any restrictions is too dangerous in my opinion.

Ofloo · Post by **Ofloo** » Fri Aug 27, 2004 11:02 am

as i sad before depends how u script if u bind with flag n and u set ur host to 100% strickt host then its not unsafe ex.: ident@somehost.tld realy safe don't u think !! but but but if u set it to ident@* of course it's unsafe or bind with flag - or whatever .. realy depends how u manage ur bots .. !!!!

Sure, but i still can be dangerous.

with strickt i mean exact and its impossible for someone to get the exact same host as u !! unless there behind ur computer but hey then what is the use :p

KrzychuG · Post by **KrzychuG** » Fri Aug 27, 2004 1:33 pm

Yes, you're right, but what if someone added to +n (even with strict host) will be angry on bot owner and use this command to make a little mess (for example with "rm -fr" (file delete))? Those command should be limited in my opinion :)

GodOfSuicide · Post by **GodOfSuicide** » Fri Aug 27, 2004 3:06 pm

he doesnt need to run rm, he could do plenty of other stuff (>, >>, && and so on) as parameter to endanger your system
this trigger is equail to a full shell access on your box (if the user knows what he's doing)