Bug#172436: Security concerns regarding browser proposal



On Mon, Aug 04, 2003 at 08:56:23AM -0400, Matt Zimmerman wrote:
> In making it safe, you are no longer implementing esr's specification.  It
> will break on nontrivial cases, such as the -remote commands for netscape:
> 
> BROWSER="netscape -raise -remote \"openURL(%s, new-window)\":lynx"

Wouldn't something like

	$ BROWSER="/usr/bin/netscape-remote"
or
	$ BROWSER="/home/aj/bin/browser"
	$ cat /home/aj/bin/browser
	#!/bin/sh

	if [ "$DISPLAY" ]; then
		galeon "$1"
	else
		lynx "$1"
	fi

make more sense and be simpler (ie, having programs invoke BROWSER directly)?

Wouldn't it then make more sense to have "/usr/bin/sensible-browser" be
used when BROWSER is unset, and have that do a slightly cleverer check
of which browsers are available? (alternatives-based using text-browser
and x11-browser and some fallbacks, maybe?)

Certainly that's more in line with how we handle EDITOR and such at
the moment.

Use of $BROWSER is then:

	char *browser = getenv("BROWSER");
	if (!browser) browser = "/usr/bin/sensible-browser";

	execl(browser, browser, url, NULL);

And security is a matter of ensuring sensible-browser, x11-browser and
text-browser can all handle arbitrary, unchecked input as "$1". This can
probably be managed by either (a) checking that url doesn't start with
"-", or (b) using wrapper scripts so "lynx-browser" invokes 'lynx --
"$1"', eg, or (c) changing the execl line to:

	execl(browser, browser, "--", url, NULL);

Cheers,
aj

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

       ``Is this some kind of psych test?
                      Am I getting paid for this?''
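
The direct-exec use of $BROWSER from the message above, with checks (a) and (c) combined, as an added example that is not part of the original message. The names `url_is_plain_arg`, `build_browser_argv` and `open_url` are hypothetical, and the browser is assumed to accept `--` as end-of-options.

```c
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

const char fallback_browser[] = "/usr/bin/sensible-browser";

/* Check (a): the URL must not look like an option. NULL and empty
 * strings are rejected too (an addition made for this example). */
int url_is_plain_arg(const char *url)
{
    return url != NULL && url[0] != '\0' && url[0] != '-';
}

/* Check (c): argv is "browser -- url". browser_env stands in for
 * getenv("BROWSER"); it is used as one path, never split or shell-parsed. */
int build_browser_argv(const char *browser_env, const char *url,
                       const char *argv[4])
{
    if (!url_is_plain_arg(url))
        return -1;
    argv[0] = (browser_env && *browser_env) ? browser_env : fallback_browser;
    argv[1] = "--";
    argv[2] = url;   /* stays a single argument, whatever it contains */
    argv[3] = NULL;
    return 0;
}

/* Run the browser and return its exit status, or -1 on rejection/error. */
int open_url(const char *url)
{
    const char *argv[4];
    pid_t pid;
    int status;

    if (build_browser_argv(getenv("BROWSER"), url, argv) != 0)
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(argv[0], (char *const *)argv);  /* no shell, no PATH search */
        _exit(127);                           /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```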
