Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: Suggestions for solution - command shell web interface ??

__/ [Dave] on Sunday 20 November 2005 18:54 \__

> Can anyone suggest a way to run a UNIX interactive command line program
> (normally run at the shell prompt), on a web server, so a web interface
> is presented? (I want to be able to run it form a Windoze box).


Have a look at PHP Shell:

http://mgeisler.net/php-shell/

I installed it on my domain a few weeks ago. You can restrict it accordingly
by tweaking the source code, I guess.


> It has a shell escape,, but I suspect with a bit of effort I can run it
> in the restricted shell (/usr/lib/rsh) which would stop someone changing
> directories or redirecting output.


Yes, if it is made public, also make sure that the CPU cannot be misused
(e.g. automated requests in the name of vandalism).


> This is how it is normally run (by me anyway):
> 
> sparrow /export/home/drkirkby % someprog
> 
> In[1]:= 25! (* 25 factorial *)
> 
> Out[1]= 15511210043330985984000000
> 
> It will accept input on the standard input, which is how it is used in
> client/server appliations.
> 
> sparrow /export/home/drkirkby % echo "Integrate[Tan[y^2],x]" | someprog
> 
> In[1]:=
>                 2
> Out[1]= x Tan[y ]
> 
> So perhaps creating a form that copies the form's contents to stdin of
> the program and collects stdout will do. But whilst I need to be able to
> type arbitray commands into the program, I will probably need to restict
> the damage it can do.


How about making it password-protected and available only to trusted people?


> I can see several ways of doing this
> 
> 1) Webmin - but a sledgehammer to crack a wallnut, and surely a security
> nightmare.
> 2) Form as mentioned.
> 3) A web based ssh client - any suggestions?


MindTerm, e.g. the free access via Duke university:

http://www.oit.duke.edu/sa/security/ssh.html


> 4) Run the ssh client putty from the Putty site on a Windoze box. (I
> think the chacces of me wanting to run this from a Mac are pretty small
> and from a UNIX box I would just use SSH).


Only yesterday I wrote about SSH access from just about any device including
mobiles:

http://schestowitz.com/Weblog/archives/2005/11/19/terminal-platform/


> I will have to put it on a secured server (probably Basic Apache and an
> SSL server), so perhaps the security risk is pretty low, especially if
> its runs on its own server, which does nothing else.


Be very, very careful. These things /will/ get misused if it is made
possible.


> Any general thoughts on how *best* to tackle this.


I hope my advice and pointers are generally helpful...

Roy

-- 
Roy S. Schestowitz      |    (S)oftware (U)nd (S)ystem(E)ntwicklung
http://Schestowitz.com  |    SuSE Linux     |     PGP-Key: 0x74572E8E
  6:25am  up 18 days  2:19,  4 users,  load average: 0.86, 0.47, 0.54
      http://iuron.com - next generation of search paradigms

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index