[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LYNX-DEV CERT
From: |
Jim Dennis |
Subject: |
Re: LYNX-DEV CERT |
Date: |
Mon, 23 Jun 1997 19:30:20 -0700 |
> Nice bug. Sidenote, lynx retains the permissions of the user its run
> as when it executes a shell, or reads a file. But, if someone runs
> Lynx as root publicly..ouch.
At the risk of sounding unkind:
WHAT KIND OF IDIOT WOULD DO THAT!
However, I am curious as to whether there is any consensus
as to the best way to implement a public lynx server.
I've got a co-located host on which I'm willing to provide
this service -- so long as it can be done reasonably securely
and with a reasonable assurance of impinging on the bandwidth
the rest of the machines services.
I see one method would be to create a chroot jail and
to use Vietse Wenema's chrootuid command as the login shell
for a virtual user (i.e. 'lynx') with no password.
I've set up a such a chroot jail.
What I wonder is how I'd implement that as a simple --
telnet to port foo on myhost (no login prompts). I've
though about doing something like running a copy of
chroot/telnetd on the port -- and have the /bin/login in
that chroot jail *be* a copy of lynx (SUID nobody).
Or does someone have a wrapper to do all the TERM options
and negotiations that telnetd does and then start a program
on that pty?
I've also played with the old /etc/passwd '*' in the shell
field (which Linux seems to want to do something with --
but which hasn't quite worked for me yet).
So, how are the other public lynx sites doing it?
Would we like to add this to the web pages?
> ---
> Duncan Hill
>---------------------------------------------------------------------------
> Cogito cogitare ergo cogito esse
You think there is though, therefore thinking exists?
(Sorry, my latin is practically non existent --
I recognize "cogito ergo sum" which is usually translated
to "I think therefore I am" but I was never educated in
declensions -- so I don't know anything about 'cogitare' or
'esse')
> Email: address@hidden : address@hidden
> http://www.bajan.org : http://www.cropover.com
>---------------------------------------------------------------------------
--
Jim Dennis, address@hidden
Proprietor, address@hidden
Starshine Technical Services http://www.starshine.org
PGP 1024/2ABF03B1 Jim Dennis <address@hidden>
Key fingerprint = 2524E3FEF0922A84 A27BDEDB38EBB95A
;
; To UNSUBSCRIBE: Send a mail message to address@hidden
; with "unsubscribe lynx-dev" (without the
; quotation marks) on a line by itself.
;
- LYNX-DEV CERT, Duncan Hill, 1997/06/23
- Re: LYNX-DEV CERT,
Jim Dennis <=