Re: Annoucement: Local Browser Execution

Philippe-Andre Prindeville (
Tue, 14 Dec 93 13:53:18 +0100

On Dec 13, 17:36, George Phillips wrote:
> Subject: Annoucement: Local Browser Execution

> One last thing. I'm certainly interested in discussing viable
> alternatives to x-exec: and suggestions for improving it. Flames
> about it being "a bad thing" and/or "the wrong thing" will be
> accepted in the same cheerful spirit as Mosaic Motif flames.

I'm not saying it is a "bad" or "wrong" thing. But it has to be
pointed out that the possibility for Trojan Horses here is
mind-boggling. One of the students here had FTP'd a shar file
from a BBS that he thought contained pornographic images. When
he ran it, it archived and encrypted his directory and told him
where you could send $50 to get the password to unencrypt his files.

Serves him right, I said to myself (not because I'm a moralist
crusading against pornography -- just because you have to be
pretty bleeding daft to run an untrusted shar file in your home

So, does your patch try to use a restricted shell? If so, what
commands do you limit the agent to? Do you chroot to a temporary