Re: Annoucement: Local Browser Execution

Philippe-Andre Prindeville <>
Organization: Ecole Nationale Superieure des Telecommunications, Paris
Date: Tue, 14 Dec 93 13:53:18 +0100
From: Philippe-Andre Prindeville <>
Message-id: <>
In-Reply-To: George Phillips <>
        "Annoucement: Local Browser Execution" (Dec 13, 17:36)
References: <>
X-Address: 	E.N.S.T. - Dept. Res. / 46, rue Barrault / 75634 Paris Cedex 13
 		Tel +33(1)  Fax +33(1)
X-Face: >4WM/$ED&E'4zy#c4]"b5^50kZ9W\o}W+e>qU0!;~b|q/.dFb}M4JKOu_gIL[`Zb!=\(t<$
X-Mailer: Z-Mail (2.1.5 20sep93)
To: George Phillips <>,
Subject: Re: Annoucement: Local Browser Execution
On Dec 13, 17:36, George Phillips wrote:
> Subject: Annoucement: Local Browser Execution

> One last thing.  I'm certainly interested in discussing viable
> alternatives to x-exec: and suggestions for improving it.  Flames
> about it being "a bad thing" and/or "the wrong thing" will be
> accepted in the same cheerful spirit as Mosaic Motif flames.

I'm not saying it is a "bad" or "wrong" thing.  But it has to be
pointed out that the possibility for Trojan Horses here is
mind-boggling.  One of the students here had FTP'd a shar file
from a BBS that he thought contained pornographic images.  When
he ran it, it archived and encrypted his directory and told him
where you could send $50 to get the password to unencrypt his files.

Serves him right, I said to myself (not because I'm a moralist
crusading against pornography -- just because you have to be
pretty bleeding daft to run an untrusted shar file in your home

So, does your patch try to use a restricted shell?  If so, what
commands do you limit the agent to?  Do you chroot to a temporary