Anyone else seen this? Netscape 1.1 and higher can be controlled remotely. This can be abused in many ways as Netscape can be made to open URL's add bookmarks, open local files and save local files without informing the user. A possible exmple of an exploit would be a WWW server that serves a page of HTML with say, "+ +" on a line by itself as a comment. Maybe this server runs a program when it's accessed (server side include maybe), and possibly this then runs: netscape2 -remote 'SaveAs(~/.rhosts)' and if the browsing user has an open X display anyone can then log into their account. Obviously this would be worse if root was running Netscape. This could also be used to have an idle netscape visit various pages of dubious virtue and bookmark them all, then the prankster can stop by the victim and have a laugh at their expense... The problem is that Netscape relies on X for it's protection, it can write files without telling the user, and there are far too many open X displays out there. The Windows and Mac versions also have their own remote control but I'll leave someone else to look at them... See http://home.netscape.com/newsref/std/x-remote.htm for instructions on controlling Netscape for X remotely. M. ################################################################## # Martin Hargreaves (martin@datamodl.demon.co.uk) Computational # # Director, Datamodel Ltd Chemist # # Contract Unix system admin/Unix security Sysadmin # ##################################################################