Is _your_ Netscape under remote control

[martinh () mailhost emap co uk (martinh () mailhost emap co uk)]

Anyone else seen this? Netscape 1.1 and higher can be controlled
remotely. This can be abused in many ways as Netscape can be made to open
URL's add bookmarks, open local files and save local files without
informing the user.

A possible exmple of an exploit would be a WWW server that serves a page
of HTML with say, "+ +" on a line by itself as a comment. Maybe this
server runs a program when it's accessed (server side include maybe), and
possibly this then runs:

netscape2 -remote 'SaveAs(~/.rhosts)'

and if the browsing user has an open X display anyone can then log into
their account. Obviously this would be worse if root was running
Netscape. This could also be used to have an idle netscape visit various
pages of dubious virtue and bookmark them all, then the prankster can
stop by the victim and have a laugh at their expense...

The problem is that Netscape relies on X for it's protection, it can
write files without telling the user, and there are far too many open X
displays out there.

The Windows and Mac versions also have their own remote control but I'll
leave someone else to look at them...

See http://home.netscape.com/newsref/std/x-remote.html for instructions
on controlling Netscape for X remotely.

M.



##################################################################
# Martin Hargreaves (martin () datamodl demon co uk)  Computational #
# Director, Datamodel Ltd                                Chemist #
# Contract Unix system admin/Unix security              Sysadmin #
##################################################################