[1111] in linux-security and linux-alert archive
[linux-security] Re: LYNX-DEV security problem with environment for lynx
daemon@ATHENA.MIT.EDU (Christopher Blizzard)
Thu Aug 29 19:24:44 1996
To: linux-security@tarsier.cv.nrao.edu
In-reply-to: Your message of "Wed, 28 Aug 1996 02:24:07 EDT."
<199608280624.CAA00419@tarsier.cv.nrao.edu>
Date: Wed, 28 Aug 1996 14:11:33 -0400
From: Christopher Blizzard <blizzard@odin.nyser.net>
[REW: Quoting trimmed. About anonymous gopher lynx etc accounts:]
In the past for both gopher and lynx anonymous accounts I've written a
wrapper that calls the binary after resetting all of the environmental
variables except "TERM=vt100". For those who don't have that term -
tough. I don't trust anonymous accounts for the exact reason below. :)
[REW: Note that even if you do that, you should still be aware that
you may be opening a hole into your system.]
--Chris
-------------------------------------------------------------------
Christopher Blizzard | "The truth knocks on the door and you say
blizzard@nysernet.org | 'Go away. I'm looking for the truth,' and
NYSERNet, Inc. | so it goes away." --Robert Pirsig
-------------------------------------------------------------------