Re: LYNX-DEV Alleged Lynx security emergency

[Larry W. Virden, x2487]

From: "T.E.Dickey" <address@hidden>

> > > Still, I think the right way to fix this problem is:
> > > execl("/bin/cp", File, SugFile, 0);   /* Substitute proper variables. */
> > > which doesn't start up an sh at any point in time if I'm not mistaken.
> > 
> > I have not seen this suggestion refuted.  Intuitively it seems like
> > the safest coding method.  I did not understand TD's comment on this,
> > however.  Is there a portability problem with using execl()?
> I don't remember my comment - but in essence I was advising using execl,
> etc., yes.
> 
> (That doesn't work on VMS, of course - I may have mentioned that).
> 


I assume that what is _really_ being proposed is something like:

execl(COPY_PATH, File, SugFile, (char *)NULL);

rather than using /bin/cp, since there should never be a hard coded
path to a file to exec coded in lynx's code itself.

What function does VMS use in place of exec?  What does Windows use?

Perhaps what is needed is a LYexec function which then has #ifdef's
for the various environments?
-- 
Larry W. Virden                 INET: address@hidden
<URL:http://www.teraform.com/%7Elvirden/> <*> O- "We are all Kosh."
Unless explicitly stated to the contrary, nothing in this posting should 
be construed as representing my employer's opinions.
;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;