[1119] in linux-security and linux-alert archive
Re: [linux-security] Re: LYNX-DEV security problem with environment for lynx
daemon@ATHENA.MIT.EDU (Christopher Blizzard)
Fri Aug 30 19:58:49 1996
To: Robert Hanson <roberth@cet.com>
cc: linux-security@tarsier.cv.nrao.edu
In-reply-to: Your message of "Fri, 30 Aug 1996 04:31:46 PDT."
<Pine.LNX.3.94.960830043129.3458C-100000@cet.cet.com>
Date: Fri, 30 Aug 1996 10:17:31 -0400
From: Christopher Blizzard <blizzard@odin.nyser.net>
In message <Pine.LNX.3.94.960830043129.3458C-100000@cet.cet.com>, Robert Hanson
writes:
:i dont get the lynx thing... what do we do to fix it?
:
You can write a small wrapper in front of it. As the userid "lynx"'s
shell you run a program that resets all of the environmental variables
that would normally be passed by the telnet daemon. Here is some source
as an example.
#include <unistd.h>
int main() {
char * args[] = {"lynx", "-anonymous", NULL};
char * environargs[] = {"TERM=vt100"};
execve ("/usr/bin/lynx", (void *)args, (void *)environargs);
return(0);
}
That's it. (This is for an old version of lynx, btw. I think that the
newer versions use a different argument.)
--Chris
[REW: Quoting trimmed.]
-------------------------------------------------------------------
Christopher Blizzard | "The truth knocks on the door and you say
blizzard@nysernet.org | 'Go away. I'm looking for the truth,' and
NYSERNet, Inc. | so it goes away." --Robert Pirsig
-------------------------------------------------------------------