[Git][NTPsec/ntpsec][master] Remove the shell command from ntpq.

Eric S. Raymond gitlab at mg.gitlab.com
Sun May 14 19:32:30 UTC 2017 

Eric S. Raymond pushed to branch master at NTPsec / ntpsec


Commits:
767cb8a9 by Eric S. Raymond at 2017-05-14T15:30:54-04:00
Remove the shell command from ntpq.

The case has been made that it could enable privilege espallation, notably
if "sudo ntpq" is allowed but "sudo sh" is not.

- - - - -


2 changed files:

- docs/includes/ntpq-body.txt
- ntpclients/ntpq


Changes:

=====================================
docs/includes/ntpq-body.txt
=====================================
--- a/docs/includes/ntpq-body.txt
+++ b/docs/includes/ntpq-body.txt
@@ -186,10 +186,6 @@ following.
   to transform nonascii data into a printable (but barely
   understandable) form.
 
-+shell+::
-  Execute the remainder of the line as a shell command. '!' is a
-  synonym for this.
-
 +timeout+ 'milliseconds'::
   Specify a timeout period for responses to server queries. The default
   is about 5000 milliseconds. Note that since +ntpq+ retries each query


=====================================
ntpclients/ntpq
=====================================
--- a/ntpclients/ntpq
+++ b/ntpclients/ntpq
@@ -224,16 +224,6 @@ class Ntpq(cmd.Cmd):
                     return
         cmd.Cmd.do_help(self, arg)
 
-    def do_shell(self, line):
-        "Execute a shell command."
-        sys.stdout.flush()
-        sys.stderr.flush()
-        if os.system(line):
-            self.warn("'shell %s' returned error.\n" % line)
-
-    def help_shell(self):
-        self.say("function: execute the line as a shell command.\n")
-
     def say(self, msg):
         try:
             sys.stdout.write(polystr(msg))



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/767cb8a94535adfbe538c8c4ee3cef904aa16e6b

---
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/767cb8a94535adfbe538c8c4ee3cef904aa16e6b
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20170514/66a56dff/attachment.html>

More information about the vc mailing list