On Thu, Jun 02, 2016 at 09:54:05AM -0400, Daniel Dickman wrote: > sorry. I don't really like this patch. > > I'd prefer a proper fix for 1. keeping the current behaviour is a good > reminder that some more work is needed. if we paper over the problem I don't > think there will be the same incentive to fix things properly. > > for 2 I don't like the idea of adding a flavour to Lynx. I'd prefer to keep 1 > package. some months ago I was thinking of a runtime flag like "lynx > -dangerous" to allow proc exec. but then I haven't seen a lot of people > complaining about the lack of proc exec. is it really needed? I certainly > don't need that functionality and I really think it's high risk in a browser.
Siding with Daniel on this one. I don't like the idea of trading security for convenience. I've been giving Lynx some thoughts lately, and I think our best bet is a configure script option to be able to disable spawning processes entirely. Been caught up with other things lately so I haven't done it already, but I will contact upstream to mention what we have been doing regarding Lynx and pledge, and propose that.
