home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!usc!zaphod.mps.ohio-state.edu!cis.ohio-state.edu!ucbvax!rchland.ibm.com!tinglett+
- From: tinglett+@rchland.ibm.com (Todd Inglett)
- Newsgroups: comp.soft-sys.andrew
- Subject: Re: Making a hyperlink running another program ?
- Message-ID: <If0acMM91JbdJJYGcA@rchland.ibm.com>
- Date: 12 Nov 92 14:28:40 GMT
- References: <1992Nov11.094617.15591@atomica.fi>
- Sender: daemon@ucbvax.BERKELEY.EDU
- Reply-To: "Todd Inglett" <tinglett@vnet.ibm.com>
- Distribution: world
- Organization: The Internet
- Lines: 29
-
- Excerpts from ext.misc.info-andrew: 11-Nov-92 Making ahyperlink running
- .. Dag Nygren@bloom-beacon. (533)
-
- > is there a way of using pushbuttons to run other programs from a ezdocument?
-
- I just finished a small project which does just this, however it is a
- bit moredifficult than to simply create a button that runs a command.
- Obviously thecommand could do something malicious. Just look at the
- hoops that ness goesthrough to protect users!
-
- My idea is to create a button (I call it runbutton for lack of abetter
- name) that could run an arbitrary command, but the ordinary PATH isnot
- used to execute the command. Instead a preference is used tosearch a
- limited set of directories. Presumably administrators would policethe
- commands in those directories. Also, the command name cannot
- containslashes (no absolute or ../../xxx relative commands). It also
- does not use ashell to execute the command so shell metacharacters like
- backquote are notinterpreted.
-
- I also plan to look for command's whose names are the form xxx.n, which
- I willassume is a ness script. In this case, I will compile and execute
- the nesscode automatically when the button is pushed. This allows the
- ness to takecontrol of the window, asking questions, etc.
-
- Anybody see any security holes in this plan? I haven't looked at the
- Nessidea too closely yet, but it looks trivial. I don't know about
- securitythere, though.
-
- -todd inglett
-
