Re: SECURITY ALERT! [Re: How do you execute shell scripts in Mosaic]

Pete ([email protected])
Tue, 7 Jun 1994 10:56:51 +0100 (BST)


>
> Simon,
>
> Are you asking about how to execute a script on the client side that
> comes in from an arbitrary hypertext link? If so, there's a potential
> security issue. There's essentially no limit on what damage the
> script can do.

Yep - what I am trying to do is execute a script that compares the
script that you have asked to be executed with a set of scripts stored
in a directory that only I have write access to - if the script to be
executed is the same as one in my directory then the script gets
executed, otherwise the user get a message/window displaying the
first page of the script and gets asked if they really want to execute
the script (the default being NO).

I'm sure there are all sorts of security holes with this strategy that
I haven't thought about - which I hope you will now tell me about !

>
> > Has anyone managed to execute a shell script from a hypertext
> > link in a html style document within mosaic. I understand it is
> > possible, from the notes I have seen on this matter I have changed the
> > following files:
> >
> > added the following to the .mailcap file
> > application/x-csh; csh -f %s
> >
> > the following is included in the mime.types file
> > application/x-csh csh
> >

That's effectively what I did - and it worked (with Mosaic and Lynx)
(I have used .mailcap and .mime.types in my $HOME directory and
mailcap and mime.types in /usr/local/lib/mosaic)

Pete