From: <don...@is...> - 2005-12-08 06:00:43
> While functions defined in lisp (like &run-cmd;) can be removed > (using &fmakunbound;), the built-in functions (like &shell; and &exec;) > cannot be permanently removed from the run-time, and an experienced > - hacker will be able to invoke then even if you &fmakunbound; their names. > - You can limit the socket server to local connections by passing &sose; > - a local socket as the optional argument.</simpara></warning></para> > + hacker will be able to invoke them even if you &fmakunbound; their names. > + </simpara><simpara>You should limit the socket server to local > + connections by passing &sose; a local &socket-stream; as the optional > + argument.</simpara></warning></para>

This reminds me of something I've wondered about. How much do you need to remove in order to close this hole? Let's start with how this hacker would recreate shell. I suppose he could do it with ffi so let's remove that. What else?
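
Review bot: the added second simpara ("You should limit the socket server to local connections ...") gives the instruction without tying it to the sentence before it. Since that sentence says the built-ins (&shell;, &exec;) remain invocable even after &fmakunbound;, the warning should say explicitly that restricting the listener is the control to rely on and that unbinding names is not. It would also help to note that a local-only server is still reachable by other users on the same host, so "local" narrows the exposure rather than removing it.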