Re: LYNX-DEV Securing lynx 2.6 for use as a shell
From: WHITLOCK
Subject: Re: LYNX-DEV Securing lynx 2.6 for use as a shell
Date: Sat, 23 Nov 1996 08:23:43 -0600 (CDT)
Sean Harp <address@hidden> wrote:
> Can you point me to a document that describes how to secure lynx so that
> users absolutely CANNOT run /bin/sh from within lynx? We've secured our
> lynx 2.6 copy as best as we know how, but users are still able to fork a
> shell from within lynx and then arbitrarily telnet anywhere they want
If you have *any* lynxexec: or lynxprog: tags on your menus, you need to
make sure that whatever programs they invoke can't be shelled out of, either.
And the programs that *those* programs invoke can't be shelled out of.
Even something like using "more" to display files can be a problem, since
(at least some versions of) more has a command to drop into vi, and vi has
a shell escape.
And although most programs use what's in /etc/passwd as the program to
shell, I've seen one common one that has -- excuse me, HAD :-) --
/bin/sh hard-coded.
Then, make sure the config file has lynxexec/lynxprog restricted to a tree
that only the system admin can write to, or if you aren't using it, turn it
off entirely.
Telnet is harder, since if a person can create a page of html that they can
get to in some way (such as a friend with a home page on another system
who's willing to do them a favor), they can put in whatever telnet://xxxx
tag they want. I believe the localhost equivalences address this.
(and to the person who asked, no, I won't give exact keystrokes. Please
find someone who knows you well enough to be sure your great interest
in security matters is strictly honorable!)
-- Brad Whitlock
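
An added example, not part of the original message: a shell audit of the advice above to keep lynxexec/lynxprog restricted to a tree only the system admin can write to, or switched off. It assumes the lynx.cfg directives TRUSTED_EXEC and LOCAL_EXECUTION_LINKS_* (names not given in the message), rules of the form file://localhost/<dir>/, and root as the admin account unless another user is passed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes rules in lynx.cfg look like
#   TRUSTED_EXEC:file://localhost/usr/local/lib/lynx-menus/   (constructed path)
# and that the admin account is root unless another user is given.

# Print the local directory prefix of every TRUSTED_EXEC rule in config $1.
trusted_dirs() {
    sed -n 's|^TRUSTED_EXEC:file://localhost\(/[^[:space:]]*\).*|\1|p' "$1"
}

# Succeed if config $1 switches local execution links on at all.
exec_links_enabled() {
    grep -Eiq '^LOCAL_EXECUTION_LINKS_(ALWAYS_ON|ON_BUT_NOT_REMOTE):[[:space:]]*TRUE' "$1"
}

# Print entries under tree $1 that someone other than user $2 could change:
# wrong owner, or group/world write permission (mode bits of symlinks ignored).
modifiable_entries() {
    find "$1" \( ! -user "$2" -o \( ! -type l \( -perm -020 -o -perm -002 \) \) \) -print
}

# One finding per line for config $1 and admin user $2.
list_findings() {
    trusted_dirs "$1" | while IFS= read -r dir; do
        if [ -d "$dir" ]; then
            modifiable_entries "$dir" "$2" | sed 's|^|MODIFIABLE |'
        else
            echo "MISSING $dir"
        fi
    done
}

# Print findings; return 0 when every trusted tree is admin-only, else 1.
audit_lynx_exec() {
    if exec_links_enabled "$1"; then
        echo "NOTE local execution links are on in $1"
    fi
    findings=$(list_findings "$1" "${2:-root}")
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Run as: sh audit.sh /path/to/lynx.cfg [admin-user]
if [ "$#" -ge 1 ]; then audit_lynx_exec "$@"; fi
```

The check covers only the trusted tree itself; a parent directory that others can write to lets the whole tree be replaced, so the same ownership and mode test applies to each ancestor.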