2020-01-02 23:35:19 +01:00

1.1 KiB


I’m sorry?

RCEAADB. Remote code execution as a discord bot. Almost as good as ncmpcpp.

But why? Do you hate security that much?


Seriously, why?

I saw a use for this. More than once did people ask me (or someone else) to interrupt a long-running script, restart a game server, a discord bot, etc. because something was broken, and restarting it was the easiest way to ‘fix’ it.

The idea here is to give people you trust a way to selectively run certain commands on a server. The bot will only ever execute the commands from the config. The only user input are the triggers in discord messages that are then checked against the config. No message content is ever executed, neither directly nor indirectly. Every command is limited to one or multiple users. See the example config for more information.

Obviously, this can still be a security issue if you give people the wrong commands to play with, but if you only use it to restart a few systemd units, it should be fine. Your moderators will thank you, and the nightly pings asking you to restart the damn bot will stop as well.