SECURITY ALERT! [Re: How do you execute shell scripts in Mosaic]

Stephen D Crocker <crocker@tis.com>
Errors-To: listmaster@www0.cern.ch
Date: Tue, 24 May 1994 21:53:45 +0200
Errors-To: listmaster@www0.cern.ch
Message-id: <9405241951.AA12844@tis.com>
Errors-To: listmaster@www0.cern.ch
Reply-To: crocker@tis.com
Originator: www-talk@info.cern.ch
Sender: www-talk@www0.cern.ch
Precedence: bulk
From: Stephen D Crocker <crocker@tis.com>
To: Multiple recipients of list <www-talk@www0.cern.ch>
Subject: SECURITY ALERT! [Re: How do you execute shell scripts in Mosaic]
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
Simon,

Are you asking about how to execute a script on the client side that
comes in from an arbitrary hypertext link?  If so, there's a potential
security issue.  There's essentially no limit on what damage the
script can do.

Steve

> 	Has anyone managed to execute a shell script from a hypertext
> link in a html style document within mosaic. I understand it is
> possible, from the notes I have seen on this matter I have changed the
> following files:
> 
> 	added the following to the .mailcap file
> application/x-csh; csh -f %s
> 
> 	the following is included in the mime.types file
> application/x-csh	csh
> 
> I have made the above changes and it does not work. I have the added
> constraint in that I am not using a http server, our network is
> strictly internal.  When you want to execute a shell script do you
> use a normal hypertext link, ie use the href="filename" command?
> 
> Any advice would be most welcome.
> 
> Simon Tuson
> tuson@uk.ac.cran.rmcs