[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LYNX-DEV Alleged Lynx security emergency
From: |
Larry W. Virden, x2487 |
Subject: |
Re: LYNX-DEV Alleged Lynx security emergency |
Date: |
Wed, 2 Jul 1997 08:13:42 -0400 |
From: "T.E.Dickey" <address@hidden>
> > > Still, I think the right way to fix this problem is:
> > > execl("/bin/cp", File, SugFile, 0); /* Substitute proper variables. */
> > > which doesn't start up an sh at any point in time if I'm not mistaken.
> >
> > I have not seen this suggestion refuted. Intuitively it seems like
> > the safest coding method. I did not understand TD's comment on this,
> > however. Is there a portability problem with using execl()?
> I don't remember my comment - but in essence I was advising using execl,
> etc., yes.
>
> (That doesn't work on VMS, of course - I may have mentioned that).
>
I assume that what is _really_ being proposed is something like:
execl(COPY_PATH, File, SugFile, (char *)NULL);
rather than using /bin/cp, since there should never be a hard coded
path to a file to exec coded in lynx's code itself.
What function does VMS use in place of exec? What does Windows use?
Perhaps what is needed is a LYexec function which then has #ifdef's
for the various environments?
--
Larry W. Virden INET: address@hidden
<URL:http://www.teraform.com/%7Elvirden/> <*> O- "We are all Kosh."
Unless explicitly stated to the contrary, nothing in this posting should
be construed as representing my employer's opinions.
;
; To UNSUBSCRIBE: Send a mail message to address@hidden
; with "unsubscribe lynx-dev" (without the
; quotation marks) on a line by itself.
;