On Mon, Aug 04, 2003 at 08:56:23AM -0400, Matt Zimmerman wrote: > In making it safe, you are no longer implementing esr's specification. It > will break on nontrivial cases, such as the -remote commands for netscape: > > BROWSER="netscape -raise -remote \"openURL(%s, new-window)\":lynx"
Wouldn't something like $ BROWSER="/usr/bin/netscape-remote" or $ BROWSER="/home/aj/bin/browser" $ cat /home/aj/bin/browser #!/bin/sh if [ "$DISPLAY" ]; then galeon "$1" else lynx "$1" fi make more sense and be simpler (ie, having programs invoke BROWSER directly)? Wouldn't it then make more sense to have "/usr/bin/sensible-browser" be used when BROWSER is unset, and have that do a slightly cleverer check of which browsers are available? (alternatives-based using text-browser and x11-browser and some fallbacks, maybe?) Certainly that's more in line with how we handle EDITOR and such at the moment. Use of $BROWSER is then: char *browser = getenv("BROWSER"); if (!browser) browser = "/usr/bin/sensible-browser"; execl(browser, browser, url, NULL); And security is a matter of ensuring sensible-browser, x11-browser and test-browser can all handle arbitrary, unchecked input as "$1". This can probably be managed by either (a) checking that url doesn't start with "-", or (b) using wrapper scripts so "lynx-browser" invokes 'lynx -- "$1"', eg, or (c) changing the execl line to: execl(browser, browser, "--", url, NULL); Cheers, aj -- Anthony Towns <[EMAIL PROTECTED]> <http://azure.humbug.org.au/~aj/> I don't speak for anyone save myself. GPG signed mail preferred. ``Is this some kind of psych test? Am I getting paid for this?''
pgpNh2thqZR6S.pgp
Description: PGP signature