Andras Barna ??: > On Thu, Aug 14, 2008 at 8:02 PM, Brian Cameron <Brian.Cameron at sun.com> > wrote: >> Andras/Henry: >> >>> note: plugins can be installed in ~/.gkrellm2/plugins too >> I thought Henry said that only sysadmins could install plugins. Yes, sysadmins can install plugins into /usr/lib/gkrellm2/plugins; meanwhile end-user can install his own plugins into his home dir ~/.gkrellm2/plugins-gkrellmd/. >> >> If an end-user can install and run plugins, is it possible to exploit >> the framework in any way? If someone tricks a user into installing a >> malicious plugin, what bad things can happen, if any. >> >> Does the sysadmin have control over whether plugins in user $HOME >> directories get recognized or not? I think the Gkrellm is designed to allow user to add his own plugins, so sysadmin can't control those plugins. If we think those plugins are dangerous, we may disable to run those plugins? > > they are recognized and loaded automatically. > check gkrellm.h > #define GKRELLM_PLUGINS_DIR ".gkrellm2/plugins" > and src/plugins.c > i dont see any restriction > > I don't think that the admin can control it. GKrellM is composed of gkrellmd server and gkrellm client.
.gkrellm2/plugins is for gkrellm client, it is used for gkrellm running to show the status of the local machine. The ~/.gkrellm2/plugins-gkrellmd/ is used to store server plugins for user, so user can add some his own plugins, and then run gkrellm client remotely to get the relative information. > > >> Brian >> > > >
