fsr / infoscreen

🖥 The BananaPi-powered infoscreen in the FSR office
https://infoscreen.ifsr.de

Possible remote shutoff without authentication #30

Closed PhilippMatthes closed 1 year ago

PhilippMatthes commented 5 years ago

According to middleware/infoscreen.py, there is a mapping to /system/shutdown. https://github.com/fsr/infoscreen/blob/60930853934b6e278eeca70202f24ea8c41cb356/middleware/infoscreen.py#L116

Can't this route be exploited to shut down the system remotely, if one finds the local IP address of the server? Didn't have time to further analyze this, so I wanted to drop this here for further investigation. You might as well close this issue if not applicable. ✌

kiliankoe commented 5 years ago

I don't know too much about the current setup, but I'm going to go ahead and guess that the infoscreen still runs in the FSR network, which might as well be seen as a trusted network 😅 If it does run in eduroam it would maybe be even "safer" since there is no inter-device networking?

PhilippMatthes commented 5 years ago

@kiliankoe, I didn't know that the FSR has its own network ;)

> If it does run in eduroam it would maybe be even "safer" since there is no inter-device networking?

Good to know! IMHO, this code still shouldn't exist. To quickly restart the server, it would be trivial to pipe these commands through SSH.

kiliankoe commented 5 years ago

Restarting like that is definitely an option, but I think the routes here were added so that a tablet on the back of the infoscreen can be used to restart the screen by the press of a button. But yeah, that could definitely be implemented differently as well 👍 Thanks for the good input in any way!

h4llow3En commented 5 years ago

This "feature" was just to maintain the functions of the old infoscreen. And yes it is only accessable through the FSR network. Sadly the tablet which uses this only offers a website with information there is no possibility using ssh.