SECURITY ALERT! [Re: How do you execute shell scripts in Mosaic]
Stephen D Crocker <crocker@tis.com>
Errors-To: listmaster@www0.cern.ch
Date: Tue, 24 May 1994 21:53:45 +0200
Errors-To: listmaster@www0.cern.ch
Message-id: <9405241951.AA12844@tis.com>
Errors-To: listmaster@www0.cern.ch
Reply-To: crocker@tis.com
Originator: www-talk@info.cern.ch
Sender: www-talk@www0.cern.ch
Precedence: bulk
From: Stephen D Crocker <crocker@tis.com>
To: Multiple recipients of list <www-talk@www0.cern.ch>
Subject: SECURITY ALERT! [Re: How do you execute shell scripts in Mosaic]
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
Simon,
Are you asking about how to execute a script on the client side that
comes in from an arbitrary hypertext link? If so, there's a potential
security issue. There's essentially no limit on what damage the
script can do.
Steve
> Has anyone managed to execute a shell script from a hypertext
> link in a html style document within mosaic. I understand it is
> possible, from the notes I have seen on this matter I have changed the
> following files:
>
> added the following to the .mailcap file
> application/x-csh; csh -f %s
>
> the following is included in the mime.types file
> application/x-csh csh
>
> I have made the above changes and it does not work. I have the added
> constraint in that I am not using a http server, our network is
> strictly internal. When you want to execute a shell script do you
> use a normal hypertext link, ie use the href="filename" command?
>
> Any advice would be most welcome.
>
> Simon Tuson
> tuson@uk.ac.cran.rmcs