Re: SECURITY ALERT! [Re: How do you execute shell scripts in Mosaic]

Marc VanHeyningen <mvanheyn@cs.indiana.edu>
Errors-To: listmaster@www0.cern.ch
Date: Wed, 8 Jun 1994 14:57:33 +0200
Errors-To: listmaster@www0.cern.ch
Message-id: <9392.771054753@moose.cs.indiana.edu>
Errors-To: listmaster@www0.cern.ch
Reply-To: mvanheyn@cs.indiana.edu
Originator: www-talk@info.cern.ch
Sender: www-talk@www0.cern.ch
Precedence: bulk
From: Marc VanHeyningen <mvanheyn@cs.indiana.edu>
To: Multiple recipients of list <www-talk@www0.cern.ch>
Subject: Re: SECURITY ALERT! [Re: How do you execute shell scripts in Mosaic] 
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
Pete said:
>> Yep - what I am trying to do is execute a script that compares the
>> script that you have asked to be executed with a set of scripts stored
>> in a directory that only I have write access to - if the script to be
>> executed is the same as one in my directory then the script gets
>> executed, otherwise the user get a message/window displaying the 
>> first page of the script and gets asked if they really want to execute
>> the script (the default being NO).
>> 
>> I'm sure there are all sorts of security holes with this strategy that
>> I haven't thought about - which I hope you will now tell me about !

Er, well, sort of.  Obviously it's not difficult to hide nasty stuff
in the second page of the script.  I'm somewhat leery of counting on
the user to be smart enough to judge the safeness of an arbitrary
program on the fly; Stephen Crocker's observations seem on target.

Vinay said: 
>Done ! I did this a while ago. Take a look at:
>
>	http://www.eit.com/software/vsafecsh/vsafecsh.html
>
>Only SunOS, IRIX5.1+, and OSFV2.0 versions available for now.

And naturally people who are security-conscious will want to hurry and
download the binaries for which source is not made available and check
them out. :-)  Do you have any example programs for it (non-trivial
ones, I mean)?

The C shell hardly seems a suitable language for evaluation of
untrusted code.  What's wrong with Safe-Tcl?

- Marc
--
<A HREF="http://www.cs.indiana.edu/hyplan/mvanheyn.html">Marc VanHeyningen</A>