Re: Local program exection in WWW browsers

Chris Lilley, Computer Graphics Unit (lilley@v5.cgu.mcc.ac.uk)
Wed, 13 Apr 1994 15:19:01 GMT


David.J.Heiland@att.com said:

>In order to make full use of WWW browsers I'd like them to execute local
>programs, possibly using their output as HTML (ie a local CGI script).

This can be done.

>To do this generally is dangerous as has been mentioned elsewhere.

Yes, defining application/csh or something is massively insecure.

> However, it should be possible to have Mosaic only execute a program
> link (whether it is a form ACTION or an HREF) if:

>1. The page with the link is a local page (since remote pages shouldn't
> point to local executables)

By local do you mean on a local web server, or using localhost:// urls? And it
is possible to have remote pages safely point to local executables, if you do it
right.

>2. The program to be executed is local

Would need to be unless you set your X display to accept non-local connections.

>3. The program to be executed is in your PATH (since PATH contains programs
> you already trust).

I disagree with this assumption. Is rm in your path? You trust all local uses to
use rm in your file area?

>In order to tell Mosaic to execute the link instead of reading the file,
>an extension could be used (e.g., ".cgi") or possibly a different URL
>form could be used (e.g., "exec://localhost/~dheiland/bin/anything"). Some
>further distinction may need to be made between those programs that return
>HTML (such as a local WAIS search on your private files) and those that don't
>(such as click here to run xclock).

That is one way, but you can do it without any extensions being needed. Also
your suggestion breaks the idea of sending a GET command and getting a response.
I think you recognise that as a problem yourself.

Here is another way. Define an experimental MIME type, say
application/trustedlocal. Have some files on your server which map to this type.
You will need to add a line to mime.types on your server to map file names to
this type.

Now write an external 'viewer' for this type. You will need to edit your
.mailcap to map the MIME type to your 'viewer'. The 'viewer' need not create a
window or anything. It gets a program name to execute as input. It checks this
against a list of trusted programs to execute. This list also gives an absolute
path name to the executable and anything else it needs to run, ie the complete
command which will be executed is known by you in advance when you write the
list.

The trustedlocal file can only select from one of these known command lines;
there is no passing of random strings as parameters. So you cannot hack into
things like mailx or telnet, for example.

Seems to me this should do what you want.

--
Chris Lilley
+-----------------------------------------------------------------------------+
| Technical Author, ITTI Computer Graphics and Visualisation Training Project |
+-----------------------------------------------------------------------------+
| Computer Graphics Unit,        |  Internet: C.C.Lilley@mcc.ac.uk            |
| Manchester Computing Centre,   |     Janet: C.C.Lilley@uk.ac.mcc            |
| Oxford Road,                   |     Voice: +44 61 275 6045                 |
| Manchester, UK.  M13 9PL       |       Fax: +44 61 275 6040                 |
| <A HREF="http://info.mcc.ac.uk/CGU/staff/lilley/lilley.html">click here</A> | 
+-----------------------------------------------------------------------------+