Re: Local Browser Execution

George Phillips <phillips@cs.ubc.ca>
Date: 14 Dec 93 10:43 -0800
From: George Phillips <phillips@cs.ubc.ca>
To: www-talk@nxoc01.cern.ch
Message-id: <7058*phillips@cs.ubc.ca>
Subject: Re: Local Browser Execution

Philippe-Andre Prindeville says:
>So, does your patch try to use a restricted shell?  If so, what
>commands do you limit the agent to?  Do you chroot to a temporary
>directory?

You should really read the documentation
(http://www.cs.ubc.ca/doc/world/exec/intro).  x-exec does not,
repeat, does not just feed arbitrary commands to a shell.
It takes an abstract program name, checks to see if that
program is on a list of allowed programs and runs the
program only if it is on that list.

Obviously there is still the possibility of abuse, but if you're
careful about what programs you have run, there's no problem.

Reed Wade says:
>There will soon be a version of TCL/TK which includes a 'safe'
>operating mode. It is mainly intended for active email but
>would provide a very good operating environment for untrusted
>scripts gotten via WWW.

Again, x-exec: doesn't execute just anything.  I do think a
"safe" interpreter would be interesting, though.  Are such
scripts allowed to write any files?  Some x-exec: scripts
depend heavily on cache files for performance.  Some x-exec:
scripts use files to keep track of history, like the newsreading
stuff.
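
The allowlist check described in this message, sketched as an added example (it is not x-exec's own code and not part of the original post): an abstract name is looked up in a fixed table and the mapped program is started without a shell. The table contents, the per-argument pattern and the function names are assumptions made for illustration.

```python
import re
import subprocess
import sys

# Constructed allowlist: abstract name -> (fixed argv prefix, pattern each argument
# must match). Names and commands are hypothetical, not x-exec's real configuration.
ALLOWED = {
    "echo": ([sys.executable, "-c", "import sys; print(' '.join(sys.argv[1:]))"],
             re.compile(r"[A-Za-z0-9_.]{1,64}")),
    "version": ([sys.executable, "--version"], None),  # takes no arguments
}


class Refused(Exception):
    """The request named a program or argument the allowlist does not permit."""


def resolve(name, args=()):
    """Map an abstract program name to a fixed argv, or raise Refused."""
    entry = ALLOWED.get(name)  # exact key match only; the name is never used as a path
    if entry is None:
        raise Refused(f"program not on allowed list: {name!r}")
    prefix, arg_pattern = entry
    for arg in args:
        # fullmatch keeps option-like ("-x") and shell-like ("a;b") values out
        if arg_pattern is None or not arg_pattern.fullmatch(arg):
            raise Refused(f"argument not permitted for {name!r}: {arg!r}")
    return prefix + list(args)


def run(name, args=()):
    """Run an allowed program without a shell and return its stdout."""
    argv = resolve(name, args)
    done = subprocess.run(argv, shell=False, capture_output=True, text=True,
                          timeout=10, check=True)
    return done.stdout


if __name__ == "__main__":
    print(run("echo", ["hello", "world"]), end="")
    for bad in [("rm", ["x"]), ("echo", ["a;b"]), ("/bin/sh", [])]:
        try:
            run(*bad)
        except Refused as exc:
            print("refused:", exc)
```

The argument pattern is the part that reflects "careful about what programs you have run": a program on the list is only as safe as the inputs it is allowed to receive.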