[1119] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] Re: LYNX-DEV security problem with environment for lynx

daemon@ATHENA.MIT.EDU (Christopher Blizzard)
Fri Aug 30 19:58:49 1996

To: Robert Hanson <roberth@cet.com>
cc: linux-security@tarsier.cv.nrao.edu
In-reply-to: Your message of "Fri, 30 Aug 1996 04:31:46 PDT."
             <Pine.LNX.3.94.960830043129.3458C-100000@cet.cet.com> 
Date: Fri, 30 Aug 1996 10:17:31 -0400
From: Christopher Blizzard <blizzard@odin.nyser.net>

In message <Pine.LNX.3.94.960830043129.3458C-100000@cet.cet.com>, Robert Hanson
 writes:
:i dont get the lynx thing... what do we do to fix it?
:

You can write a small wrapper in front of it.  As the userid "lynx"'s 
shell you run a program that resets all of the environmental variables 
that would normally be passed by the telnet daemon.  Here is some source 
as an example.

#include <unistd.h>

int main() {

        char * args[] = {"lynx", "-anonymous", NULL};
        char * environargs[] = {"TERM=vt100"}; 
        execve ("/usr/bin/lynx", (void *)args, (void *)environargs);
        return(0);
} 

That's it.  (This is for an old version of lynx, btw.  I think that the 
newer versions use a different argument.)

--Chris

[REW: Quoting trimmed.]

-------------------------------------------------------------------
Christopher Blizzard   | "The truth knocks on the door and you say
blizzard@nysernet.org  | 'Go away.  I'm looking for the truth,' and
NYSERNet, Inc.         | so it goes away."  --Robert Pirsig
-------------------------------------------------------------------

home help back first fref pref prev next nref lref last post