KtaneTwitchPlays icon indicating copy to clipboard operation
KtaneTwitchPlays copied to clipboard

Published 20 hours ago verified publisher icon samfundev

set mimic back to SuperUser

Open red031000 opened this issue 1 year ago • 6 comments

mimic is an extremely powerful command, allowing the user to send a command as any other user, as such it should only be accessable to those who are most trusted, which is the superuser group

red031000 avatar Aug 09 '23 19:08 red031000

The mimic command only allows you to mimic users of equal or lower rank. So I'm not sure it needs to be SuperUser.

samfundev avatar Aug 12 '23 05:08 samfundev

while that is true, it is still a very powerful command that is (potentially) open to abuse, and imo should be for the most trusted group only to mitigate that risk

red031000 avatar Aug 12 '23 09:08 red031000

Could you explain what abuse you think could happen using this command? I can't think of any abuse that would be unique to the mimic command.

samfundev avatar Aug 19 '23 00:08 samfundev

while it is true users are restricted to lower or the same access level and abuse of powers can't really happen, I can see mis-attribution of commands happening, with commands running through mimic processed exactly as if another user has run them. when I programmed mimic years ago, it was intended to be used mainly for testing commands as another user

red031000 avatar Aug 19 '23 05:08 red031000

You can't misattribute who ran a command using mimic. Since the mimic command itself is logged, so you could prove that the mimic command was used on you.

samfundev avatar Aug 19 '23 22:08 samfundev

I suppose that is true, I still would like it to be SuperUser however, as that was the original intention

red031000 avatar Aug 24 '23 00:08 red031000