[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LYNX-DEV Securing lynx 2.6 for use as a shell
From: |
Foteos Macrides |
Subject: |
Re: LYNX-DEV Securing lynx 2.6 for use as a shell |
Date: |
Sun, 24 Nov 1996 17:14:24 -0500 (EST) |
address@hidden (David Woolley) wrote:
>>
>> Can you point me to a document that describes how to secure lynx so that
>> users absolutely CANNOT run /bin/sh from within lynx? We've secured our
>
>There was a good article on comp.risks in the last couple of weeks
>explaining why this is an impossible request. The basic thesis was that
>making a system secure requires every loophole to be identified and
>plugged, but breaking security only requires someone to find the n
>plus oneth.
>
>However, you should look carefully at how Lynx is launched and the
>external programs (mailers, mailcap, printers) that is can access.
Note that Lynx with -validate comes close to achieving the
"impossible", because it's intended to allow checking of HTML via
http servers from an anonymous account, and thus disables *everything*
except fetching and rendering of http URLs. But it still depends on
the site administrator being knowledgeable enough about his/her
operating system to make sure the user can't break out while Lynx
is being loaded, and will be forced out on exit from Lynx.
On VMS, if you set the account to CAPTIVE. That should prevent
the user from reaching the command line no matter what, but you still
have to make sure no helper app called by Lynx sets the TRUSTED flag
inappropriately (not likely, but check the helper apps for that overtly).
Fote
=========================================================================
Foteos Macrides Worcester Foundation for Biomedical Research
address@hidden 222 Maple Avenue, Shrewsbury, MA 01545
=========================================================================
;
; To UNSUBSCRIBE: Send a mail message to address@hidden
; with "unsubscribe lynx-dev" (without the
; quotation marks) on a line by itself.
;