[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LYNX-DEV Alleged Lynx security emergency

From: Larry W. Virden, x2487
Subject: Re: LYNX-DEV Alleged Lynx security emergency
Date: Wed, 2 Jul 1997 08:13:42 -0400

From: "T.E.Dickey" <address@hidden>

> > > Still, I think the right way to fix this problem is:
> > > execl("/bin/cp", File, SugFile, 0);   /* Substitute proper variables. */
> > > which doesn't start up an sh at any point in time if I'm not mistaken.
> > 
> > I have not seen this suggestion refuted.  Intuitively it seems like
> > the safest coding method.  I did not understand TD's comment on this,
> > however.  Is there a portability problem with using execl()?
> I don't remember my comment - but in essence I was advising using execl,
> etc., yes.
> (That doesn't work on VMS, of course - I may have mentioned that).

I assume that what is _really_ being proposed is something like:

execl(COPY_PATH, File, SugFile, (char *)NULL);

rather than using /bin/cp, since there should never be a hard coded
path to a file to exec coded in lynx's code itself.

What function does VMS use in place of exec?  What does Windows use?

Perhaps what is needed is a LYexec function which then has #ifdef's
for the various environments?
Larry W. Virden                 INET: address@hidden
<URL:> <*> O- "We are all Kosh."
Unless explicitly stated to the contrary, nothing in this posting should 
be construed as representing my employer's opinions.
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]