| author | Mattias Andrée <maandree@operamail.com> | 2013-09-30 01:09:23 +0200 |
|---|---|---|
| committer | Mattias Andrée <maandree@operamail.com> | 2013-09-30 01:09:23 +0200 |
| commit | 0262cf31d3a63b8b406868ec905923705b025bc8 (patch) | |
| tree | 6a589ce88bf3f8cba55965629402606ee3e17fc9 /got.py | |
| parent | improve example gotrc (diff) | |
patch security hole that allowed logging in as any user without a password by using -f
Signed-off-by: Mattias Andrée <maandree@operamail.com>
Diffstat (limited to 'got.py')
| -rwxr-xr-x | got.py | 13 |
1 files changed, 11 insertions, 2 deletions
@@ -19,10 +19,12 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. ''' -import sys import os +import sys +import time from subprocess import Popen + for arg in sys.argv[1:]: if "=" in arg: os.putenv(arg.split("=")[0], "=".join(arg.split("=")[1:])) @@ -30,10 +32,17 @@ for arg in sys.argv[1:]: def spawn(cmd): Popen(cmd, stdin = sys.stdin, stdout = sys.stdout, stderr = sys.stderr).wait() + user = input() if "@" in user: os.putenv("GOT_COMMAND", "ssh " + user) spawn(["login", "-p", "-f", "sshlogin"]) else: - spawn(["login"] + user.split(" ")) + if user.startswith("-"): + spawn(["stty", "-icanon", "-echo", "-isig", "-ixon", "-ixoff", "-ixany"]) + print("\033[01;31mNice try! Sleeping for 10 minutes...\033[00m") + for _ in range(10): + time.sleep(60 * 1000) + else: + spawn(["login", user]) |
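Review bot: The new leading-`-` check in the second hunk guards only the `else` branch, so input containing `@` still reaches `os.putenv("GOT_COMMAND", "ssh " + user)` unvalidated; if that variable is later interpreted as a command line (not visible here), the same option-injection class remains on that path. Validating `user` once, before the `if "@" in user` test, against an allow-list of characters would cover both branches, and `spawn(["login", "--", user])` would end option parsing explicitly, provided the installed `login` honours `--`. Separately, `time.sleep()` takes seconds, so `time.sleep(60 * 1000)` inside the ten-iteration loop waits far longer than the ten minutes the message announces; `time.sleep(60)` matches the text. An empty line or EOF on `input()` is also unhandled and would be passed on to `login` or raise an uncaught `EOFError`.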
