> > Do people who run anonymous Lynx services build customized Lynx binaries
When I still offered a public access Lynx (I shut it down permanently well over a year ago.), I built a Lynx specifically for that purpose. I would definitely advise against anyone sharing a binary for known users and anonymous users. > > that some admins may choose to build a separate Lynx binary to be used > > _only_ for their anon Lynx service, in which case they would be wise to > > compile dangerous options right out of the program. I can see no other way for anyone concerned about the security of their system. In addition, I would recommend very rigorous exercising of any new build before it is offered to the public for execution. > currently there is no way to compile out access to file:/// urls, > wihtout seriously mucking about with the code. Being able to hard code > in a list of restrictions would be a "simple" way to enable such a > thing without having to have an even longer list of: > CAN_ANONYMOUS_<whatever> FALSE Is the list in userdefs.h all that long now? When I was doing it, it was pretty simple to throw an anonymous access specific patch on it. If `` #define CAN_ANONYMOUS_GOTO_FILE FALSE '' is set in userdefs.h, then the anonymous user cannot access file:// urls baring a bug in lynx. > Also at least for myself the anonymous lynx client doesn't use the > anonymous switch but is instead run by the anonymous user. Glad to hear it! If anyone on this list is running a public access binary with no anonymous user defined and only relying on the anonymous switch, don't. __Henry ; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to [EMAIL PROTECTED]
