[2794] in WWW Security List Archive
Re: A problem with Navigator's cache -Reply
daemon@ATHENA.MIT.EDU (Jeff Weinstein)
Sun Aug 25 19:07:02 1996
Date: Sun, 25 Aug 1996 14:48:34 -0700
From: Jeff Weinstein <jsw@netscape.com>
Reply-To: jsw@netscape.com
To: Adam Shostack <adam@homeport.org>
CC: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Adam Shostack wrote:
>
> Stephen Norton wrote:
>
> | Netscape offers an administrative kit for 3.0, which allows an
> | administrator to hard code some of the options avalaible to users.
> |
> | The admin kit creates a netscape.lck file which is placed next to the
> | executable and overides individual settings.
>
> So the executable gets its own path name, and then locks for
> $Netscapedir/netscape.lck?
>
> cp /usr/local/bin/netscape /tmp
> /tmp/netscape
>
> sigh. If the program runs under the user's control, then the path to
> the netscape.lck must be hardcoded and fully qualified, such as
> /usr/local/lib/netscape/netscape.lck
In a properly configured environment this will not work. Your
firewall, proxy and corporate servers can be configured to only
accept connections from a navigator with the correct lock file.
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
