[1129] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] Re: LYNX-DEV security problem with environment for lynx

daemon@ATHENA.MIT.EDU (Richard Huveneers)
Mon Sep 2 03:59:07 1996

To: linux-security@tarsier.cv.nrao.edu
Date: 1 Sep 1996 14:27:34 GMT
From: richard@hekkihek.hacom.nl (Richard Huveneers)
Reply-To: richard@hekkihek.hacom.nl

In article <199608301417.KAA26553@odin.nyser.net>, blizzard@odin.nyser.NET (Christopher Blizzard) writes:
>You can write a small wrapper in front of it.  As the userid "lynx"'s 
>shell you run a program that resets all of the environmental variables 
>that would normally be passed by the telnet daemon.  Here is some source 
>as an example.
>
>#include <unistd.h>
>
>int main() {
>
>        char * args[] = {"lynx", "-anonymous", NULL};
>        char * environargs[] = {"TERM=vt100"}; 

You'd better add a NULL pointer in this array too...

>        execve ("/usr/bin/lynx", (void *)args, (void *)environargs);
>        return(0);
>} 

Regards, Richard.

home help back first fref pref prev next nref lref last post