[1129] in linux-security and linux-alert archive
Re: [linux-security] Re: LYNX-DEV security problem with environment for lynx
daemon@ATHENA.MIT.EDU (Richard Huveneers)
Mon Sep 2 03:59:07 1996
To: linux-security@tarsier.cv.nrao.edu
Date: 1 Sep 1996 14:27:34 GMT
From: richard@hekkihek.hacom.nl (Richard Huveneers)
Reply-To: richard@hekkihek.hacom.nl
In article <199608301417.KAA26553@odin.nyser.net>, blizzard@odin.nyser.NET (Christopher Blizzard) writes:
>You can write a small wrapper in front of it. As the userid "lynx"'s
>shell you run a program that resets all of the environmental variables
>that would normally be passed by the telnet daemon. Here is some source
>as an example.
>
>#include <unistd.h>
>
>int main() {
>
> char * args[] = {"lynx", "-anonymous", NULL};
> char * environargs[] = {"TERM=vt100"};
You'd better add a NULL pointer in this array too...
> execve ("/usr/bin/lynx", (void *)args, (void *)environargs);
> return(0);
>}
Regards, Richard.