[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LYNX-DEV securing Lynx for boxed-in environments.
From: |
Foteos Macrides |
Subject: |
Re: LYNX-DEV securing Lynx for boxed-in environments. |
Date: |
Mon, 15 Sep 1997 19:28:16 -0500 (EST) |
William Yang <address@hidden> wrote:
>Foteos Macrides wrote something like:
>
>> I'm not sure I follow all the jargon in this thread, but
>> it sounds as though you want to allow certain programs/scripts
>> in captive/no-shell accounts via Lynx. The intent in such cases
>> it to build it with EXEC_LINKS defined, but set TRUSTED_EXEC to
>> "none", and leave ALWAYS_TRUSTED_EXEC set to "none", so that
>> lynxexec and lynxprog URLs are permitted only in jumps files,
>> which you control via the global lynx.cfg. The jump shortcuts
>> can have the security-related switches for those programs/scripts
>> set, and only programs/scripts you consider safe, or have made
>> safe via forced inclusion of switches, can be invoked. Read the
>> extensive comments about this in lynx.cfg.
>
>If I'm understanding what you're recommending, your recommended
>solution will not allow me to set up an arrow-key-navigable menu which
>will directly invoke a mail client (or any other program).
>
>That means that, for the end-user, the transition between the "menu
>system" (Lynx) and the various other client programs that might be
>used (PINE, telnet, what have you) will be visible and obvious (which
>is somewhat problematic).
I'm recommending that your read and understand the "self
documentation" (comments) in userdefs.h and lynx.cfg, before going
much further on setting up a secure freenet.
The jumps file scheme initially was developed by David Trueman
for the Chebucto freenet. You can set up a number of jumps files,
mapped to different keystroke commands (beyond the 'j' default), which
allow you to access menus of shortcut names and definitions/links.
Once the user knows the shortcut names (e.g., "pine", if you've included
that as a shortcut name, for a lynxprog URL with appropriate switches
included) the user can simply enter that name, rather than navigating
via arrow and other navigation keys through the menu, or navigating
tediously through a local file system to arbitrary files with lynxprog
and/or lynxexec URLs.
>I'm not only after setting switches and flags on programs. I'm after
>being sure that only those programs which are EXPLICITLY and
>CONSCIOUSLY specified can be run (which would include the programs
>which are run in unexpected places from Lynx, such as /bin/mv being
>part of the bookmark deletion process). This dramatically reduces the
>risk of administrator error/laziness from threatening system security.
If you want switches in your MV_PATH and/or other foo_PATH
definitions, add them in userdef.h (or lynx_cfg.h for the devel code)
before actually compiling lynx.
Fote
=========================================================================
Foteos Macrides Worcester Foundation for Biomedical Research
address@hidden 222 Maple Avenue, Shrewsbury, MA 01545
=========================================================================
;
; To UNSUBSCRIBE: Send a mail message to address@hidden
; with "unsubscribe lynx-dev" (without the
; quotation marks) on a line by itself.
;