[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: pubLynx reinstated LYNX-DEV
From: |
Foteos Macrides |
Subject: |
Re: pubLynx reinstated LYNX-DEV |
Date: |
Mon, 07 Jul 1997 19:19:38 -0500 (EST) |
Jonathan Sergent <address@hidden> wrote:
>Foteos Macrides <address@hidden> wrote:
> ] I don't plan to use an LYExec() for Unix downloader and printer
> ] options, rather than just ensuring that the LYNXDOWNLOAD: and
> ] LYNXPRINT: URLs are the paths or scripts derived from lynx.cfg, with
> ] quote_path() applied to the arguments. With the adequate protections
> ] in place, I don't see any reason to block the Unix scripting capability,
> ] which is a much nicer way, for example, to get around zmodem/sz's
> ] inability to handle a second argument, than having to use an external
> ] script file with execl(). The DIRED stuff is using execl(), because
> ] that uses the paths defined in userdefs.h, and no scripts.
>
>I don't see how not using system() and using scripting in downloader and
>printer definitions are mutually exclusive. All that system()
>does is execl("sh","-c",arg,(char *)0). Downloader definitions that
>need shell processing (most of them, I guess) could have "sh -c"
>prepended to them.
>
>A more backward-compatible way to handle this would be to create
>an EXECDOWNLOADER definition syntax of some sort that would run a
>program with the given path with
>
> execl(download_command->command, cp, cp1);
>
>... this would allow system admins to create "secure" downloaders.
>
>This is all a bit paranoid I suppose, but an ounce of prevention...
I must be missing something, like having missed that I could
make Lynx do things it shouldn't be able to do on Scott's solaris,
because he had put me in the sysadmin group, although, aside from the
headaches it caused Scott, that worked out for the best because I
added protections against Lynx doing things it shouldn't do when
you invoke it in the syadmin group. :) :)
If you invoke execl() with a SHELL_PATH, can't the arguments
be scripts, and if so, what have you gained?
Fote
=========================================================================
Foteos Macrides Worcester Foundation for Biomedical Research
address@hidden 222 Maple Avenue, Shrewsbury, MA 01545
=========================================================================
;
; To UNSUBSCRIBE: Send a mail message to address@hidden
; with "unsubscribe lynx-dev" (without the
; quotation marks) on a line by itself.
;
- Re: pubLynx reinstated LYNX-DEV,
Foteos Macrides <=