
From: Jim Dennis
Subject: Re: LYNX-DEV CERT
Date: Mon, 23 Jun 1997 19:30:20 -0700

> Nice bug.  Sidenote, lynx retains the permissions of the user it's run
> as when it executes a shell, or reads a file.  But, if someone runs
> Lynx as root publicly..ouch.

        At the risk of sounding unkind:


        However, I am curious as to whether there is any consensus
        as to the best way to implement a public lynx server.
        I've got a co-located host on which I'm willing to provide 
        this service -- so long as it can be done reasonably securely
        and with a reasonable assurance of impinging on the bandwidth
        the rest of the machine's services.

        I see one method would be to create a chroot jail and 
        to use Wietse Venema's chrootuid command as the login shell
        for a virtual user (i.e. 'lynx') with no password.

        I've set up such a chroot jail.

        What I wonder is how I'd implement that as a simple -- 
        telnet to port foo on myhost (no login prompts).  I've 
        thought about doing something like running a copy of 
        chroot/telnetd on the port -- and have the /bin/login in
        that chroot jail *be* a copy of lynx (SUID nobody).

        Or does someone have a wrapper to do all the TERM options
        and negotiations that telnetd does and then start a program
        on that pty?

        I've also played with the old /etc/passwd '*' in the shell
        field (which Linux seems to want to do something with --
        but which hasn't quite worked for me yet).

        So, how are the other public lynx sites doing it?
        Would we like to add this to the web pages?

> ---
> Duncan Hill
> Cogito cogitare ergo cogito esse 

        You think there is thought, therefore thinking exists?

        (Sorry, my Latin is practically nonexistent -- 
          I recognize "cogito ergo sum" which is usually translated
          to "I think therefore I am"  but I was never educated in 
          declensions -- so I don't know anything about 'cogitare' or

> Email: address@hidden  :  address@hidden  
>  :
Jim Dennis,                                address@hidden
Proprietor,                          address@hidden
Starshine Technical Services    

        PGP  1024/2ABF03B1 Jim Dennis <address@hidden>
        Key fingerprint =  2524E3FEF0922A84  A27BDEDB38EBB95A 