Re: LYNX-DEV securing Lynx for boxed-in environments.


From: William Yang
Subject: Re: LYNX-DEV securing Lynx for boxed-in environments.
Date: Mon, 15 Sep 97 14:48:10 EDT

Foteos Macrides wrote something like:

>       I'm not sure I follow all the jargon in this thread, but
> it sounds as though you want to allow certain programs/scripts
> in captive/no-shell accounts via Lynx.  The intent in such cases
> is to build it with EXEC_LINKS defined, but set TRUSTED_EXEC to
> "none", and leave ALWAYS_TRUSTED_EXEC set to "none", so that
> lynxexec and lynxprog URLs are permitted only in jumps files,
> which you control via the global lynx.cfg.  The jump shortcuts
> can have the security-related switches for those programs/scripts
> set, and only programs/scripts you consider safe, or have made
> safe via forced inclusion of switches, can be invoked.  Read the
> extensive comments about this in lynx.cfg.

If I'm understanding what you're recommending, your recommended
solution will not allow me to set up an arrow-key-navigable menu which
will directly invoke a mail client (or any other program).  

That means that, for the end-user, the transition between the "menu
system" (Lynx) and the various other client programs that might be
used (PINE, telnet, what have you) will be visible and obvious (which
is somewhat problematic).

I'm not only after setting switches and flags on programs.  I'm after
being sure that only those programs which are EXPLICITLY and
CONSCIOUSLY specified can be run (which would include the programs
which are run in unexpected places from Lynx, such as /bin/mv being
part of the bookmark deletion process).  This dramatically reduces the
risk of administrator error/laziness from threatening system security.

        -Bill
-- 
William D Yang                          The Greater Columbus Free-Net
address@hidden          System Administration & Operation
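
An added example, not part of the original message or of Lynx itself: a small audit that checks a lynx.cfg for the TRUSTED_EXEC and ALWAYS_TRUSTED_EXEC settings named in the quoted advice and compares the lynxexec/lynxprog links in a jumps file against an explicit allow-list. The sample configuration, jumps file, paths and allow-list are constructed for illustration; the check does not cover programs Lynx runs internally (such as /bin/mv).

```python
import re

# Assumption: programs the administrator has explicitly approved (hypothetical path).
ALLOWED_PROGRAMS = {"/usr/local/bin/pine"}

# Constructed sample lynx.cfg fragment (not a real site's configuration).
SAMPLE_CFG = (
    "# exec settings\n"
    "TRUSTED_EXEC:none\n"
    "ALWAYS_TRUSTED_EXEC:file://localhost/menus/\t/usr/bin/telnet\n"
    "JUMPFILE:/usr/local/lib/lynx/jumps.html\n"
)

# Constructed sample jumps file.
SAMPLE_JUMPS = """\
<dl>
<dt>mail<dd><a href="lynxexec:/usr/local/bin/pine -i">Read mail</a>
<dt>sh<dd><a href="lynxprog:/bin/sh">Shell</a>
<dt>home<dd><a href="http://localhost/">Home page</a>
</dl>
"""

EXEC_HREF = re.compile(r'href\s*=\s*"(lynxexec|lynxprog):([^"]*)"', re.IGNORECASE)
EXEC_KEYS = ("TRUSTED_EXEC", "ALWAYS_TRUSTED_EXEC")


def audit_cfg(cfg_text):
    """Return (line number, key, value) for exec trust rules not set to 'none'."""
    findings = []
    for lineno, line in enumerate(cfg_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # blank line, comment, or not a KEY:value setting
        key, value = (part.strip() for part in line.split(":", 1))
        if key.upper() in EXEC_KEYS and value.lower() != "none":
            findings.append((lineno, key.upper(), value))
    return findings


def audit_jumps(jumps_text, allowed):
    """Return (scheme, program) for exec links whose program is not allow-listed."""
    findings = []
    for scheme, command in EXEC_HREF.findall(jumps_text):
        parts = command.split()
        program = parts[0] if parts else ""  # first token is the program path
        if program not in allowed:
            findings.append((scheme.lower(), program))
    return findings
```

Run both functions against the real lynx.cfg and the file its JUMPFILE setting points to; an empty result from each means the exec trust rules are closed and every jump shortcut names an approved program.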
