[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev editing forms (was forms)
|
From: |
David Woolley |
|
Subject: |
Re: lynx-dev editing forms (was forms) |
|
Date: |
Tue, 14 Jul 1998 19:54:45 +0100 (BST) |
> around anonymous users, who might somehow use an editor to attack people;
The initial attack is on the system, not people. If someone can get
a shell out of an anonymous Lynx account, they have the potential to
generate a very large volume of spam before they get stopped (this doesn't
need any more than shell access), and also have the opportunity to exploit
other weaknesses in the system, e.g. the Lynx temporary file problems, to
gain access to other accounts, including root. Even without spamming and
general hacking, they can commit a significant amount of theft of service.
Generally the best security policy is to block access as early as possible.
> as to abuse free access to the Internet in that way:
> even the Last Chance Hostel doesn't admit known pyromaniacs.
You have to identify the offenders first, and reports from anonymous Lynx
sites suggests that, maybe, the majority of users will exploit weaknesses to
send chatting email rather than do the academic web browsing for which the
service was designed.
The general implication of this is that Lynx needs to be able to provide
full function with only internal editors, even if it also provides access
to external editors in an environment were shell access is legitimately
available.