On Tue, Nov 19, 2002 at 12:39:25PM -0500, Joey Hess wrote:
> Colin Watson wrote:
> > Seconded, with one proviso: can we standardize on the Compatible Secure
> > BROWSER Definition from
> > http://www.dwheeler.com/browse/secure_browser.html instead? This is what
> > man-db implements for the 'man -H' switch; ESR-style BROWSER variables
> > will still work as intended, but %c is added in order to permit a colon
> > in commands and it specifies what shell escaping is to be performed on
> > URLs to get rid of the hideous security flaws.
>
> I assume you mean the "compatible" alternative and not the "bare" one

Yep, "Compatible Secure BROWSER Definition" above.

> First of all, it's possible to write a program that uses ESR's BROWSER
> without passing the url through the shell. Here is a modification of my
> sensible-browser program that does that:
>
> --- sensible-browser~ 2002-11-19 12:20:14.000000000 -0500 > +++ sensible-browser 2002-11-19 12:20:31.000000000 -0500 > @@ -11,7 +11,7 @@ > else { > $_.=' '.$url; > } > - exec $_; > + exec split ' ', $_; > # on failure, continue to next in list > }
> [...]

Right, fair enough (although I'd prefer splitting and then appending $url
to the list, but the point stands).

> How about we just add something like this to the proposal:
>
> When implementing BROWSER in a program, be careful to not pass the URL
> through the shell when running the browser commands, as the url might
> contain shell metacharacters and there could be security problems. If
> you must pass the URL through the shell, be careful to properly escape
> it first.

Sounds good. Proviso withdrawn.

--
Colin Watson [EMAIL PROTECTED]
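
Review bot: at `+ exec split ' ', $_;` the URL has already been joined into `$_` by `$_.=' '.$url;` in the `else` branch, so a URL containing whitespace is split into several browser arguments instead of arriving as one. Split the command string first and add `$url` to the resulting list as its own element before calling exec. Separately, if the split ever yields a single element, Perl's exec still checks that element for shell metacharacters and may run it through the shell; the indirect-object form `exec { $cmd[0] } @cmd` avoids that case.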
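
An added example, not code from this thread or from sensible-browser: one way to follow the advice agreed on above in Perl, splitting the BROWSER entry into an argument list first, placing the URL in it as a single element, and calling exec in its indirect-object form so no shell is involved. The names `browser_argv` and `open_url` are hypothetical, the `%s`/`%%` handling is an assumption based on ESR's BROWSER convention, `%c` follows the description quoted in the thread, and the sample URL is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Turn one BROWSER entry plus a URL into an argument vector.
# Assumptions: %s is replaced by the URL, %% is a literal percent sign,
# %c is a literal colon, and the URL is appended when no %s is present.
sub browser_argv {
    my ($entry, $url) = @_;
    my @argv = split ' ', $entry;    # split the command only, never the URL
    return unless @argv;
    my $used = 0;
    for my $word (@argv) {
        # Substitute after splitting, so whitespace or shell metacharacters
        # in the URL cannot create extra arguments.
        $word =~ s{%([%sc])}{
            $1 eq 's' ? do { $used = 1; $url }
          : $1 eq 'c' ? ':'
          :             '%'
        }ge;
    }
    push @argv, $url unless $used;
    return @argv;
}

# Try each colon-separated BROWSER entry in turn (hypothetical helper).
sub open_url {
    my ($url) = @_;
    for my $entry (split /:/, $ENV{BROWSER} // '') {
        my @argv = browser_argv($entry, $url) or next;
        no warnings 'exec';          # a missing browser is expected here
        # Indirect-object form: the list goes straight to execvp, and Perl
        # never falls back to the shell, even for a one-element list.
        exec { $argv[0] } @argv;
        # exec returned, so it failed: continue to the next entry
    }
    die "no usable browser in BROWSER\n";
}

# Constructed sample: print the argument vectors instead of launching anything.
my $url = 'http://example.org/a b;echo injected';
for my $entry ('mozilla -remote openURL(%s)', 'lynx') {
    print join(' ', map { "[$_]" } browser_argv($entry, $url)), "\n";
}
```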