Joe,
I downloaded an executable version of Htmlview.tcl and it requires a "wish
interpreter" and runs using elm or pine programs which we don't have.
Corey,
I have started Netscape as user "browser" in group "browser" and it does
obey file permissions. Unfortunately there are thousands of world readable
and writable files in the system. I really wouldn't want to start changing
permissions on all of these files.
John,
I'll try out that option and see how it works. As far as the Netscape.ad
file, I have edited that file and nothing changes. It appears that this
file is used when the netscape source code is compiled and we get Netscape
already compiled. There are some comments in this file that refer to
copying some of the configurations in Netscape.ad to the .Xdefaults file but
they don't recommend it.
Dan Karppi CCST
Falconbridge Limited
Smelter Complex
Falconbridge, Ontario
Canada
P0M 1S0
�
Phone: (705) 693-2761 ext. 3881
Fax:���� (705) 699-3887
mailto:[EMAIL PROTECTED]
-----Original Message-----
From: Windle, John [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 13, 2001 9:58 AM
To: 'Foxboro DCS Mail List'
Subject: RE: Helpfile Viewer
There's a really interesting configuration file in the netscape home
directory named Netscape.ad.
For instance, it says that if you issue the command:
netscape -remote "openURL(http://foxboro.com)"
It doesn't open up a new version of Netscape, but finds an existing instance
moves it to the foreground and directs it to that URL. Useful for more
quickly bringing up help screens to an operator.
Even more interesting for the present discussion is that this file contains
menubar configuration settings. If the whole Location data entry field
could be removed (and others) then the above 'netscape -remote' method could
be securely used for operator help screens.
Perhaps some brave soul could do some experimenting and get back to the rest
of us.
John Windle
Foxboro
> -----Original Message-----
> From: Corey R Clingo [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, March 13, 2001 8:46 AM
> To: Foxboro DCS Mail List
> Subject: RE: Helpfile Viewer
>
> Dan-
>
> You might try something like:
>
> su - unprivileged_user_id -c netscape
>
> This is not quite as good as chroot but at least keeps them from
> overwriting
> files.
>
> Of course the real fix is for Foxboro to modify their software so it
> doesn't
> have to run as root.....
>
> Corey Clingo
> Sr. Engineer
> BASF Corporation
>
>
>
>
>
> "Karppi, Dan" <[EMAIL PROTECTED]> on 03/09/2001 11:33:45 AM
>
> Please respond to Foxboro DCS Mail List
> <[EMAIL PROTECTED]>
> To: 'Foxboro DCS Mail List' <Foxboro
> cc:
> Subject: RE: Helpfile Viewer
>
>
>
> Dave and Tim,
>
> I have already installed and am using Netscape Navigator 4.72 for Solaris
> 2.5.1 and it does the job. Only one major problem with it is that the
> entire Solaris file system is not secure. The user can surf through the
> entire file system by entering "/" in the location bar and then browsing
> from the root directory. Also by using the FILE...SAVE_AS function from
> the
> menu bar, the user can overwrite any writable file with the contents of
> the
> displayed HTML page. This is because Netscape is running as root. I've
> tried to secure it by 'chroot'ing Netscape but haven't been successful.
> Windows versions of Netscape are capable of running in a "Kiosk" mode
> where
> the toolbars and hot keys can be disabled but unfortunately this is not
> yet
> available in UNIX versions. I was hoping to find an easier way of
> displaying
> our help files or maybe you have already found a solution to Netscape's
> security problem. Any other ideas would be appreciated.
>
> Dan
>
>
>
>
>
> -----------------------------------------------------------------------
> This list is neither sponsored nor endorsed by the Foxboro Company. All
> postings from this list are the work of list subscribers and no warranty
> is made or implied as to the accuracy of any information disseminated
> through this medium. By subscribing to this list you agree to hold the
> list sponsor(s) blameless for any and all mishaps which might occur due to
>
> your application of information received from this mailing list.
>
> To be removed from this list, send mail to
> [EMAIL PROTECTED]
> with "unsubscribe foxboro" in the Subject. Or, send any mail to
> [EMAIL PROTECTED]
-----------------------------------------------------------------------
This list is neither sponsored nor endorsed by the Foxboro Company. All
postings from this list are the work of list subscribers and no warranty
is made or implied as to the accuracy of any information disseminated
through this medium. By subscribing to this list you agree to hold the
list sponsor(s) blameless for any and all mishaps which might occur due to
your application of information received from this mailing list.
To be removed from this list, send mail to
[EMAIL PROTECTED]
with "unsubscribe foxboro" in the Subject. Or, send any mail to
[EMAIL PROTECTED]
-----------------------------------------------------------------------
This list is neither sponsored nor endorsed by the Foxboro Company. All postings from
this list are the work of list subscribers and no warranty is made or implied as to
the accuracy of any information disseminated through this medium. By subscribing to
this list you agree to hold the list sponsor(s) blameless for any and all mishaps
which might occur due to your application of information received from this mailing
list.
To be removed from this list, send mail to [EMAIL PROTECTED]
with "unsubscribe foxboro" in the Subject. Or, send any mail to
[EMAIL PROTECTED]
