Re: HTTP problem or Mosaic problem?

vinay@eit.COM (Vinay Kumar)
Date: Wed, 15 Jun 1994 21:47:46 +0200
Message-id: <9406151941.AA04839@eit.COM>
Reply-To: vinay@eit.COM
Precedence: bulk
From: vinay@eit.COM (Vinay Kumar)
To: Multiple recipients of list <>
Subject: Re: HTTP problem or Mosaic problem?
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
This is how vsafecsh works:

1. It maintains a table of trusted and un-trusted binaries.

2. Whenever a set of programs come from a server, Mosaic looks
   up the mime-type application/x-csh and fires up vsafecsh.

3. vsafecsh then parses each command-set to see if the command-set
   is trusted. If yes, then it parses the components of the command-set
   to look for un-trusted commands.

e.g. if "xterm" is trusted, and "rm" if untrusted, then a command-set like
     "xterm -e rm" will not be executed. Fair enough ?

4. If step 3 goes failsafe, then it does a fork and exec.

5. If step 3 fails, then NOOP.

Now it should be easy to replace the mime-type application/x-csh with
application/x-mumbo, and ask the server to spit the same, and use the same
vsafecsh to do the fork and exec of multiple scripts. [or maybe i should
change the name to vsafemumbo....]

vsafecsh is still being tested, so if something doesn't work, or some features 
you don't like, please feel free to report it to me directly.

  Vinay Kumar