Shoutbox

restrict commands - Printable Version

-Shoutbox (https://shoutbox.menthix.net)
+-- Forum: MsgHelp Archive (/forumdisplay.php?fid=58)
+--- Forum: Messenger Plus! for Live Messenger (/forumdisplay.php?fid=4)
+---- Forum: WLM Plus! Help (/forumdisplay.php?fid=12)
+----- Thread: restrict commands (/showthread.php?tid=60290)

restrict commands by rezvendous on 06-07-2006 at 05:17 PM

Hi all, Im installing msgplus in a cybercafe and my boss told me that functions potentially dangerous must be removed.

With resource hacker I'd deleted most of them but I cant restrict certain extremely dangerous commands like "execute command" and "send file" etc. I know I can deactivate the msgplus command line but if so, I lose functions like color text, sounds, etc.

Is there any way to deactivate specific commands??.

Congratulations Patchou & co. for your GREAT work.

Many thanks and sorry bout my english, I'm spanish


RE: restrict commands by matty on 06-07-2006 at 05:29 PM

You can disable the options panel (like password protect it)

And create a QuickText inplace of the commands you want removed like /sendfile and /run and just have it return no text that will overwrite the Plus! commands. You will also want to do the same for /dropfile.


RE: restrict commands by rezvendous on 06-07-2006 at 05:56 PM

It works great, i only have to deny permissions to luser in /hku/software/patchou/msgplus2/'user'/preferences/quicktext/quicktext[command]  cos I want to leave some freedom to luser to modify their own configuration and not to protect it by password.

Many thanks


RE: restrict commands by matty on 06-07-2006 at 06:02 PM

That would work I guess, only problem is that they wont be able to create any quicktexts at all.


RE: restrict commands by CookieRevised on 06-07-2006 at 06:07 PM

quote:
Originally posted by rezvendous
With resource hacker I'd deleted most of them
It is not allowed to modify any file from Messenger Plus!.
And certainly not when other people than you have access to it!!

RE: RE: restrict commands by rezvendous on 06-07-2006 at 06:18 PM

quote:
Originally posted by CookieRevised
quote:
Originally posted by rezvendous
With resource hacker I'd deleted most of them
It is not allowed to modify any file from Messenger Plus!.
And certainly not when other people than you have access to it!!



I didn't knew that, I don't usually read EULA, is there some problem to do that? Can I have your agreement? if you want I can send you modified files.

Thanks
RE: restrict commands by matty on 06-07-2006 at 06:29 PM

Other option would be to just create the quicktexts inplace of the commans you want to disable and dont allow the user write permissions to that key. you can allow read but not write and that would work.


RE: restrict commands by rezvendous on 06-07-2006 at 06:40 PM

thats exactly what I did but adding that quicktext in nobody as default user in a try to apply this to all users. but didnt work, the problem is that I dont know the user which will connect to add him the quicktext registry entries.


RE: restrict commands by RaceProUK on 06-07-2006 at 06:51 PM

To be fair, it's only /exec, /dropfile, and similar that are potentially dagerous. All other commands and tags are fine.


RE: restrict commands by matty on 06-07-2006 at 06:55 PM

If you have any programming experience create a DLL for the plugin and an EXE. Have the DLL launch the exe with runas so you can access the registry keys and create them for each user.

If you dont have programming experience PM me the commands you want disabled, and the Admins login and password and I can make it for you.


RE: RE: RE: restrict commands by CookieRevised on 06-08-2006 at 11:50 AM

quote:
Originally posted by rezvendous
quote:
Originally posted by CookieRevised
quote:
Originally posted by rezvendous
With resource hacker I'd deleted most of them
It is not allowed to modify any file from Messenger Plus!.
And certainly not when other people than you have access to it!!

I didn't knew that, I don't usually read EULA, is there some problem to do that? Can I have your agreement? if you want I can send you modified files.
Modifying, reverse engeneering, resource hacking, etc of almost any program is forbidden; you don't even have to read the EULA's for that.

As such you will never get the agreement of the creator to do this.

quote:
Originally posted by raceprouk
To be fair, it's only /exec, /dropfile, and similar that are potentially dagerous. All other commands and tags are fine.

true... but even /dropfile is rather safe. It does nothing more than what the sendfile feature in MSN Messenger itself already can do.

And /exec is as dangereous as the Start > Run command in Windows itself or as any other way there is in Windows to execute a file (which are a lot of ways)

All in all, I think the insecurity is not caused by the use of Messenger Plus!, but caused by not securing/restricting Windows in general. Aka: to protect the PC/Windows from unwanted risks you need to secure/restrict Windows, not restricting 1 out of the many programs which the user can use as that would be actually useless.
RE: restrict commands by rezvendous on 06-08-2006 at 03:25 PM

the point is that I've luser totally restricted, no taskmgr, no access to hdd, no downloading files neither execute any file etc...

I've been working on it many years, you see the desktop and is like a Video player menu or TV etc...

I didn't say that msgplus would be insecure, cos that commands aren't bugs or fails.


RE: restrict commands by rezvendous on 06-12-2006 at 03:22 PM

any other possible solution??