Further harden exec and raw in the default setup

Closes #568.
2024-11-27 04:59:24 +01:00 · 2021-12-25 00:47:50 -08:00 · 2021-12-25 00:47:50 -08:00 · 171eccf9c7
commit 171eccf9c7
parent d3ccdca3d1
2 changed files with 7 additions and 4 deletions
--- a/plugins/exec.py
+++ b/plugins/exec.py
@ -15,7 +15,9 @@ PPRINT_MAX_LINES = 20
 PPRINT_WIDTH = 200

 if not conf.conf['pylink'].get("debug_enabled", False):
-    raise RuntimeError("pylink::debug_enabled must be enabled to load this plugin")
+    raise RuntimeError("pylink::debug_enabled must be enabled to load this plugin. "
+                       "This should ONLY be used in test environments for debugging and development, "
+                       "as anyone with access to this plugin's commands can run arbitrary code as the PyLink user!")

 def _exec(irc, source, args, locals_dict=None):
    """<code>
--- a/plugins/raw.py
+++ b/plugins/raw.py
@ -4,7 +4,7 @@ raw.py: Provides a 'raw' command for sending raw text to IRC.
 from pylinkirc import utils
 from pylinkirc.coremods import permissions
 from pylinkirc.log import log
-
+from pylinkirc import conf

@utils.add_cmd
 def raw(irc, source, args):
@ -18,8 +18,9 @@ def raw(irc, source, args):
    if irc.protoname == 'clientbot':
        # exec.raw is included for backwards compatibility with PyLink 1.x
        perms = ['raw.raw', 'exec.raw']
-    else:
-        perms = ['raw.raw.unsupported_network']
+    elif not conf.conf['pylink'].get("raw_enabled", False):
+        raise RuntimeError("Raw commands are not supported on this protocol")
+
    permissions.check_permissions(irc, source, perms)

    args = ' '.join(args)