Network Security
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: Not exactly security but ...
- From: Jeff Haas
- Date: Tue Jun 06 09:50:40 2000
On Mon, Jun 05, 2000 at 05:30:19PM -0400, Paul Melson wrote:
> Whether you meant it this way, or not, what you
> say above sounds like there are no security
> issues w/ lynx,
Actually, I hadn't intended to go there but thanks for pointing this out.
My biggest gripes security-wise with browsers tend to center around
content presentation that requires client execution of code. This can be
javascript, java or any other technology. As we have all seen from
the various browser exploits it is very hard to code a sandboxing
environment that deals with security issues. And as you note:
> Just ask the last poor sucker who
> was using lynx when he clicked <a href="lynxexec:/bin/rm -rf /home/foo">here</a>.
Happily this is not the default option in the current lynx. I haven't
perused the changelog in a while to know if it ever was.
> I'm not saying that you
> shouldn't use lynx, just don't plan on it being
> more secure than any other browser.
Honestly, I'm not expecting lynx to be any more secure than any
other user-executable program under Unix. What I do want is the
option to avoid software that includes payload data attacks by
design.
Aside from the blind users that I had, I had a second reason:
Using Netscape across a 300 bps radio connection when in the middle
of nowhere to access your network data really REALLY sucks.
> Paul
- --
Jeffrey Haas - Merit RSng project - jeffhaas@merit.edu
|
