Re: LYNX-DEV securing Lynx for boxed-in environments.
From: Foteos Macrides
Subject: Re: LYNX-DEV securing Lynx for boxed-in environments.
Date: Mon, 15 Sep 1997 12:00:03 -0500 (EST)
William Yang <address@hidden> wrote:
>The underlying assumption I'm making is that all code outside of Lynx
>and the kernel is potentially broken. Because Lynx developers are so
>responsive to problems, I'm thinking that Lynx may be a sturdy
>cornerstone of a viable boxed-in environment.
I'm not sure I follow all the jargon in this thread, but
it sounds as though you want to allow certain programs/scripts
in captive/no-shell accounts via Lynx. The intent in such cases
is to build it with EXEC_LINKS defined, but set TRUSTED_EXEC to
"none", and leave ALWAYS_TRUSTED_EXEC set to "none", so that
lynxexec and lynxprog URLs are permitted only in jumps files,
which you control via the global lynx.cfg. The jump shortcuts
can have the security-related switches for those programs/scripts
set, and only programs/scripts you consider safe, or have made
safe via forced inclusion of switches, can be invoked. Read the
extensive comments about this in lynx.cfg.
Fote
=========================================================================
Foteos Macrides Worcester Foundation for Biomedical Research
address@hidden 222 Maple Avenue, Shrewsbury, MA 01545
=========================================================================
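
An added example, not part of the original message and not code from the Lynx project: a small audit of the setup described above. It flags any TRUSTED_EXEC or ALWAYS_TRUSTED_EXEC rule in lynx.cfg that is not "none", and lists lynxexec/lynxprog commands in a jumps file that are not on an approved list. The sample file contents, paths, the `report` script and its switch are constructed assumptions, as is the plain `lynxexec:command` href form the pattern matches.

```python
import re

# Constructed sample lynx.cfg text (not from the original message).
SAMPLE_CFG = (
    "# constructed example\n"
    "JUMPFILE:/usr/local/lib/lynx/jumps.html\n"
    "TRUSTED_EXEC:none\n"
    "ALWAYS_TRUSTED_EXEC:file://localhost/\t/usr/bin/finger\n"
)

# Constructed sample jumps file; the report script and its switch are hypothetical.
SAMPLE_JUMPS = """\
<dl compact>
<dt>rep<dd><a href="lynxexec:/usr/local/bin/report --read-only">Report</a>
<dt>sh<dd><a href="lynxprog:/bin/sh">Shell</a>
<dt>home<dd><a href="http://lynx.example/">Home</a>
</dl>
"""

# Commands the administrator has approved, switches included (hypothetical).
APPROVED = {"/usr/local/bin/report --read-only"}
EXEC_KEYS = ("TRUSTED_EXEC", "ALWAYS_TRUSTED_EXEC")

def parse_cfg(text):
    """Collect KEY:value settings from lynx.cfg text, skipping '#' comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings.setdefault(key.strip().upper(), []).append(value.strip())
    return settings

def audit_cfg(text):
    """Return (key, value) for every exec-trust rule that is not 'none'."""
    settings = parse_cfg(text)
    return [(k, v) for k in EXEC_KEYS for v in settings.get(k, [])
            if v.lower() != "none"]

def unapproved_jumps(html, approved):
    """Return lynxexec/lynxprog commands in a jumps file that are not approved."""
    cmds = re.findall(r'href="(?:lynxexec|lynxprog):([^"]*)"', html, re.I)
    return [c for c in cmds if c not in approved]

if __name__ == "__main__":
    print("lynx.cfg findings:", audit_cfg(SAMPLE_CFG))
    print("unapproved jump commands:", unapproved_jumps(SAMPLE_JUMPS, APPROVED))
```

Because the approved list holds the full command string, a jump entry that drops or changes a forced switch is reported as unapproved.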