URGENT: SECURITY: Lynx file browser

From: "Kevin Traas" <ktraas@uniserve.com>
To: "Stephen Rice" <steve@freenet.mb.ca>, "John Nemeth" <jnemeth@cue.bc.ca>
Cc: <csuite-dev@chebucto.ns.ca>
Date: Thu, 27 Nov 1997 08:20:10 +0100
Return-Path: <csuite-dev-owner@chebucto.ns.ca>

Why not just use rsh?  Or am I missing something here?

Regards,
Kevin

-----Original Message-----
From: Stephen Rice <steve@freenet.mb.ca>
To: John Nemeth <jnemeth@cue.bc.ca>
Cc: csuite-dev@chebucto.ns.ca <csuite-dev@chebucto.ns.ca>
Date: Wednesday, November 26, 1997 6:52 PM
Subject: Re: URGENT: SECURITY: Lynx file browser


>On Wed, 26 Nov 1997, John Nemeth wrote:
>
>>      We have a bit of a problem, where Lynx is letting users browse
>> the whole filesystem.  They should not be able to get outside their
>> home directory.  However, it would be nice if IPE's could also browse
>> their IP areas.
>
>We actually know what you are talking about.  What we have done is to
>eliminate any security concerns on all our files (changing groups,
>changing permissions).  We used to disallow our users to "Goto" a file
>URL but that did not stop them from putting it in their bookmark file.
>We also changed the permissions on our home directories to not allow them
>to keep selecting ".." on our file browser.  However, this did NOT stop
>them from using the file URLs.  We also ruled out the idea of completely
>eliminating file URLs due to our use of them (in rare situations).
>
>What we have done for our IPs is that when they press F a configuration
>file is read (in /usr/local/etc) that determines which directories they
>are IPs of and gives them a list of the IPs on a menu so they can select
>which brings up that directory in the file browser.  Another option you
>might want to use is the idea of a soft link to the IP directory in the
>user's home directory so they can simply press F to access their files
>then select the IP directory.
>
>By the way, our modifications are being incorporated into the CSuite
>distribution (as options).
>
>Hope this helps,
>   Steve
>
>+----------------------------------------------------------------------------+
>Stephen Rice                                        Winnipeg, Manitoba, CANADA
>Technical Services Committee                               steve@freenet.mb.ca
>Blue Sky Community Networks of Manitoba, Inc.         Info: info@freenet.mb.ca
>                     > > > > LIVE from CALGARY < < < <
>
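
The thread above notes that blocking the "Goto" prompt did not stop file URLs placed in a bookmark file. The following added example (not part of the original messages, and not CSuite or Lynx code) shows a check on the resolved path that does not depend on how the URL was entered; the function names and the directory layout are constructed for illustration, and the allowed list stands in for the home directory plus the IP directories read from configuration.

```python
import os
import tempfile
from urllib.parse import unquote, urlsplit


def resolve_file_url(url):
    """Return the canonical local path a file: URL names, or None if it is not one."""
    parts = urlsplit(url)
    if parts.scheme != "file" or parts.netloc not in ("", "localhost"):
        return None
    path = unquote(parts.path)          # decode %2e%2e and friends before checking
    if not path.startswith("/") or "\0" in path:
        return None
    return os.path.realpath(path)       # collapses ".." and follows symlinks


def is_allowed(url, allowed_roots):
    """True only if the resolved target lies inside one of the allowed directories."""
    target = resolve_file_url(url)
    if target is None:
        return False
    roots = (os.path.realpath(r) for r in allowed_roots)
    return any(os.path.commonpath([r, target]) == r for r in roots)


def demo():
    """Constructed layout: one home directory, one IP area, one unrelated directory."""
    base = os.path.realpath(tempfile.mkdtemp())
    home = os.path.join(base, "home", "alice")
    ip_area = os.path.join(base, "ip", "chess-club")
    other = os.path.join(base, "private")
    for d in (home, ip_area, other):
        os.makedirs(d)
    os.symlink(ip_area, os.path.join(home, "chess-club"))   # soft link to an IP area
    os.symlink(other, os.path.join(home, "elsewhere"))      # link to a non-allowed dir
    roots = [home, ip_area]   # assumption: home plus the IP directories from config
    urls = {
        "home_file": f"file://{home}/notes.txt",
        "dotdot": f"file://{home}/../../private/data",
        "encoded_dotdot": f"file://{home}/%2e%2e/%2e%2e/private/data",
        "ip_via_link": f"file://{home}/chess-club/index.html",
        "link_elsewhere": f"file://{home}/elsewhere/data",
        "not_file_url": "http://example.org/",
    }
    return {name: is_allowed(u, roots) for name, u in urls.items()}


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:15} {'allow' if ok else 'deny'}")
```

The soft link into the IP area is allowed only because its resolved target is itself on the allowed list; a link in the home directory pointing anywhere else is denied.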
