Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd)

[Foteos Macrides]

H E Nelson <address@hidden> wrote:
>> Now, all that said....  the ability to get a shell, or cause lynx to pass 
>> arbitrary _user-supplied_input_ to the system() command *is* a 'bad thing',
>> and should be plugged.  Refusing to process any strings containing any 
>> shell 'special' characters could be a good stat.
>
>Question I have is why it is necessary for Lynx to call `sh' to do a
>`cp'.  Wayne said something about doing an exec().  Why can't this be
>done, or is it not any "safer"?

        You'll have to ask Lou Montulli why. :) :)   The DIRED_SUPPORT
uses a my_spawn() with fork/execv and compulsive quoting, and for VMS
I define system() to a safe substitute.  I though that doing the latter
for Unix as well was on Klaus' todo list, but we'll have to track him
down to ask if that's still so.  Is he a student who's gone for the
summer?  Anyway I'm reasonably confident my mods plug that security
hole for the Unix folks, and expect that Wayne can handle the problem
for DOS/WIN/NT if they have it.

                                Fote

=========================================================================
 Foteos Macrides            Worcester Foundation for Biomedical Research
 address@hidden         222 Maple Avenue, Shrewsbury, MA 01545
=========================================================================
;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;