URGENT: SECURITY: Lynx file browser

Date: Thu, 27 Nov 1997 20:53:39 -0600 (CST)
From: Stephen Rice <steve@freenet.mb.ca>
To: Kevin Traas <ktraas@uniserve.com>
cc: John Nemeth <jnemeth@cue.bc.ca>, csuite-dev@chebucto.ns.ca
Return-Path: <csuite-dev-owner@chebucto.ns.ca>

next message in archive
no next message in thread
previous message in archive
previous message in thread
Index of Subjects

Index of Subjects
On Thu, 27 Nov 1997, Kevin Traas wrote:

> Why not just use rsh?  Or am I missing something here?

Well, we were.  I think that this has been adequately answered, however, 
I will mention that using the menus is much easier for many of our IPs 
(though they would REALLY like FTP access which we have not yet 
provided).  They found rsh VERY confusing (they essentially had to learn 
UNIX to use it).

Hope this helps,
   Steve

> From: Stephen Rice <steve@freenet.mb.ca>
> To: John Nemeth <jnemeth@cue.bc.ca>
> Cc: csuite-dev@chebucto.ns.ca <csuite-dev@chebucto.ns.ca>
> Date: Wednesday, November 26, 1997 6:52 PM
> Subject: Re: URGENT: SECURITY: Lynx file browser
> 
> 
> >On Wed, 26 Nov 1997, John Nemeth wrote:
> >
> >>      We have a bit of a problem, where Lynx is letting users browse
> >> the whole filesystem.  They should not be able to get outside their
> >> home directory.  However, it would be nice if IPE's, could also browse
> >> their IP areas.
> >
> >We actually know what you are talking about.  What we have done is to
> >eliminate any security concerns on all our files (changing groups,
> >changing permissions).  We used to disallow our users to "Goto" a file
> >URL but that did not stop them from putting it in their bookmark file.
> >We also changed the permissions on our home directories to not allow them
> >to keep selecting ".." on our file browser.  However, this did NOT stop
> >them from using the file URLs.  We also ruled out the idea of completely
> >eliminating file URLs due to our use of them (in rare situations).
> >
> >What we have done for our IPs is that when they press F a configuration
> >file is read (in /usr/local/etc) that determines which directories they
> >are IPs of and gives them a list of the IPs on a menu so they can select
> >which brings up that directory in the file browser.  Another option you
> >might want to use is the ideas of a soft link to the IP directory in the
> >users's home directory so they can simply press F to access their files
> >then select the IP directory.
> >
> >By the way, our modifications are being encorporated into the CSuite
> >distribution (as options).
> >
> >Hope this helps,
> >   Steve
> >
> >+--------------------------------------------------------------------------
> --+
> >Stephen Rice                                        Winnipeg, Manitoba,
> CANADA
> >Technical Services Committee
> steve@freenet.mb.ca
> >Blue Sky Community Networks of Manitoba, Inc.         Info:
> info@freenet.mb.ca
> >                     > > > > LIVE from CALGARY < < < <
> >
> 
> 

+----------------------------------------------------------------------------+
Stephen Rice                                        Winnipeg, Manitoba, CANADA
Technical Services Committee                               steve@freenet.mb.ca
Blue Sky Community Networks of Manitoba, Inc.         Info: info@freenet.mb.ca
                     > > > > LIVE from CALGARY < < < <

next message in archive
no next message in thread
previous message in archive
previous message in thread
Index of Subjects