lynx-dev

Re: LYNX-DEV Securing lynx 2.6 for use as a shell


From: WHITLOCK
Subject: Re: LYNX-DEV Securing lynx 2.6 for use as a shell
Date: Sat, 23 Nov 1996 08:23:43 -0600 (CDT)

Sean Harp <address@hidden> wrote:

> Can you point me to a document that describes how to secure lynx so that
> users absolutely CANNOT run /bin/sh from within lynx?  We've secured our
> lynx 2.6 copy as best as we know how, but users are still able to fork a
> shell from within lynx and then arbitrarily telnet anywhere they want

If you have *any* lynxexec: or lynxprog: tags on your menus, you need to
make sure that whatever programs they invoke can't be shelled out of, either.
And the programs that *those* programs invoke can't be shelled out of.
Even something like using "more" to display files can be a problem, since
(at least some versions of) more has a command to drop into vi, and vi has
a shell escape.

And although most programs use what's in /etc/passwd as the program to 
shell, I've seen one common one that has -- excuse me, HAD :-) -- 
/bin/sh hard-coded.

Then, make sure the config file has lynxexec/lynxprog restricted to a tree
that only the system admin can write to, or if you aren't using it, turn it
off entirely.

Telnet is harder, since if a person can create a page of html that they can
get to in some way (such as a friend with a home page on another system
who's willing to do them a favor), they can put in whatever telnet://xxxx
tag they want. I believe the localhost equivalencies address this.

(and to the person who asked, no, I won't give exact keystrokes.  Please
find someone who knows you well enough to be sure your great interest 
in security matters is strictly honorable!)

  -- Brad Whitlock
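The two checks the message above asks for (that every lynxexec:/lynxprog: link on the menus starts a program with no way back to a shell, and that the config file restricts local execution to a tree only the administrator can write to) as a small audit script. This is an added example, not part of the lynx distribution or of this thread. It assumes the lynx.cfg directive names LOCAL_EXECUTION_LINKS_ALWAYS_ON, LOCAL_EXECUTION_LINKS_ON_BUT_NOT_REMOTE and TRUSTED_EXEC:<document-URL-prefix>:<command-prefix> as documented in later lynx releases (check them against the lynx.cfg shipped with your version), splits a TRUSTED_EXEC line at its last colon, and uses a constructed list of escape-hatch programs built from the more -> vi -> shell chain the message describes. The sample lynx.cfg and menu it runs against are constructed here, not taken from the poster's system.

```shell
#!/bin/sh
# Audit a lynx-as-login-shell setup for the ways out to a shell that the
# message describes. Added example; not lynx project code.
#
# Assumed (not from the original page): lynx.cfg directives
#   LOCAL_EXECUTION_LINKS_ALWAYS_ON:TRUE|FALSE
#   LOCAL_EXECUTION_LINKS_ON_BUT_NOT_REMOTE:TRUE|FALSE
#   TRUSTED_EXEC:<document-URL-prefix>:<command-prefix>   (split at last ':')
# Verify the names and format against the lynx.cfg of the release you run.

# Programs that, once started from a lynxexec:/lynxprog: link, let the user
# reach a shell (constructed list from the more -> vi -> shell chain; extend it).
ESCAPE_HATCHES="more less vi vim view ex ed sh bash csh ksh tcsh"

# Exit 0 if the program's basename is on the escape-hatch list.
is_escape_hatch() {
  prog=$(basename "$1")
  for h in $ESCAPE_HATCHES; do
    [ "$prog" = "$h" ] && return 0
  done
  return 1
}

# Exit 0 if a directory is writable by group or other, i.e. it is not the
# admin-only tree the message asks for. Reads ls -ld so it works on GNU and BSD.
dir_writable_by_others() {
  mode=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
  case $mode in
    ?????w????|????????w?) return 0 ;;
  esac
  return 1
}

# Print one finding per line for a lynx.cfg. Always exits 0.
audit_lynx_cfg() {
  while IFS= read -r line; do
    case $line in
      LOCAL_EXECUTION_LINKS_ALWAYS_ON:[Tt]*)
        echo "EXEC-ANYWHERE: $line" ;;
      LOCAL_EXECUTION_LINKS_ON_BUT_NOT_REMOTE:[Tt]*)
        echo "EXEC-LOCAL: $line" ;;
      TRUSTED_EXEC:*)
        rest=${line#TRUSTED_EXEC:}
        docprefix=${rest%:*}          # assumed format: split at the last ':'
        command=${rest##*:}
        tree=${docprefix#file://localhost}
        if [ ! -d "$tree" ]; then
          echo "MISSING-TREE: $line"  # not a local directory (or not file://)
        elif dir_writable_by_others "$tree"; then
          echo "WRITABLE-TREE: $tree ($line)"
        fi
        if is_escape_hatch "${command%% *}"; then
          echo "ESCAPE-HATCH: $command ($line)"
        fi ;;
    esac
  done < "$1"
}

# Print every lynxexec:/lynxprog: link in *.html under a menu tree, marking the
# ones that start an escape-hatch program. Always exits 0.
scan_menus() {
  find "$1" -type f -name '*.html' | while IFS= read -r f; do
    grep -e 'lynxexec:' -e 'lynxprog:' "$f" |
      sed 's/.*\(lynx[a-z]*:[^"'"'"' >]*\).*/\1/' |
      while IFS= read -r url; do
        cmd=${url#*:}; cmd=${cmd#//}   # lynxexec:/bin/x and lynxexec://bin/x both occur
        cmd=${cmd%%\%20*}              # drop URL-encoded arguments
        if is_escape_hatch "$cmd"; then
          echo "ESCAPE-HATCH: $f: $url"
        else
          echo "EXEC-LINK: $f: $url"
        fi
      done
  done
}

# Exit 1 if the config or the menus give a user a way out; prints the findings.
lynx_audit() {
  findings=$(audit_lynx_cfg "$1"; scan_menus "$2")
  [ -n "$findings" ] && printf '%s\n' "$findings"
  case $findings in
    *EXEC-ANYWHERE*|*WRITABLE-TREE*|*ESCAPE-HATCH*) return 1 ;;
  esac
  return 0
}

# Constructed sample: a permissive lynx.cfg and a menu with a "more" link,
# in a world-writable tree. Prints the base directory it created.
make_sample_tree() {
  base=$(mktemp -d)
  mkdir -p "$base/menus"
  chmod 0777 "$base/menus"
  cat > "$base/lynx.cfg" <<EOF
# constructed sample lynx.cfg
LOCAL_EXECUTION_LINKS_ALWAYS_ON:TRUE
TRUSTED_EXEC:file://localhost$base/menus/:/usr/bin/more
TRUSTED_EXEC:file://localhost$base/menus/:/usr/bin/finger
EOF
  cat > "$base/menus/index.html" <<'EOF'
<html><body>
<a href="lynxexec:/usr/bin/finger">Who is on</a>
<a href="lynxprog:/usr/bin/more /etc/motd">Message of the day</a>
</body></html>
EOF
  echo "$base"
}

# Stand-alone run against the constructed sample.
sample=$(make_sample_tree)
if lynx_audit "$sample/lynx.cfg" "$sample/menus"; then
  echo "clean"
else
  echo "NOT SAFE as a shell: fix the findings above"
fi
rm -rf "$sample"
```

On the sample the script reports EXEC-ANYWHERE for the config line, WRITABLE-TREE for the menu directory, and ESCAPE-HATCH for both the TRUSTED_EXEC entry and the menu link that start "more"; the finger link is listed as a plain EXEC-LINK. Point it at the real lynx.cfg and menu tree (and rerun after every menu change), and remember that the list of escape hatches only covers programs you know about: a program that hard-codes /bin/sh, as the message notes, is just as much a way out.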
