Re: SECURITY ALERT! [Re: How do you execute shell scripts in Mosaic]
vinay@eit.COM (Vinay Kumar)
Errors-To: listmaster@www0.cern.ch
Date: Wed, 8 Jun 1994 01:59:29 +0200
Errors-To: listmaster@www0.cern.ch
Message-id: <9406072357.AA20553@eit.COM>
Errors-To: listmaster@www0.cern.ch
Reply-To: vinay@eit.COM
Originator: www-talk@info.cern.ch
Sender: www-talk@www0.cern.ch
Precedence: bulk
From: vinay@eit.COM (Vinay Kumar)
To: Multiple recipients of list <www-talk@www0.cern.ch>
Subject: Re: SECURITY ALERT! [Re: How do you execute shell scripts in Mosaic]
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
Done ! I did this a while ago. Take a look at:
http://www.eit.com/software/vsafecsh/vsafecsh.html
Only SunOS, IRIX5.1+, and OSFV2.0 versions available for now.
Enjoy,
--
Vinay Kumar
vinay@eit.com
> From www-talk@www0.cern.ch Tue Jun 7 16:17:46 1994
> From: Pete <P.D.Mallinson@liverpool.ac.uk>
>
> Yep - what I am trying to do is execute a script that compares the
> script that you have asked to be executed with a set of scripts stored
> in a directory that only I have write access to - if the script to be
> executed is the same as one in my directory then the script gets
> executed, otherwise the user get a message/window displaying the
> first page of the script and gets asked if they really want to execute
> the script (the default being NO).
>
> I'm sure there are all sorts of security holes with this strategy that
> I haven't thought about - which I hope you will now tell me about !
>
>
> That's effectively what I did - and it worked (with Mosaic and Lynx)
> (I have used .mailcap and .mime.types in my $HOME directory and
> mailcap and mime.types in /usr/local/lib/mosaic)
>
> Pete
>