[1111] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: LYNX-DEV security problem with environment for lynx

daemon@ATHENA.MIT.EDU (Christopher Blizzard)
Thu Aug 29 19:24:44 1996

To: linux-security@tarsier.cv.nrao.edu
In-reply-to: Your message of "Wed, 28 Aug 1996 02:24:07 EDT."
             <199608280624.CAA00419@tarsier.cv.nrao.edu> 
Date: Wed, 28 Aug 1996 14:11:33 -0400
From: Christopher Blizzard <blizzard@odin.nyser.net>

[REW: Quoting trimmed. About anonymous gopher lynx etc accounts:]

In the past for both gopher and lynx anonymous accounts I've written a 
wrapper that calls the binary after resetting all of the environmental 
variables except "TERM=vt100".  For those who don't have that term - 
tough.  I don't trust anonymous accounts for the exact reason below. :)

[REW: Note that even if you do that, you should still be aware that
you may be opening a hole into your system.]

--Chris

-------------------------------------------------------------------
Christopher Blizzard   | "The truth knocks on the door and you say
blizzard@nysernet.org  | 'Go away.  I'm looking for the truth,' and
NYSERNet, Inc.         | so it goes away."  --Robert Pirsig
-------------------------------------------------------------------

home help back first fref pref prev next nref lref last post