README for flash 0.9.4 ---------------------- Flash is an attempt to create a secure menu-driver shell for UNIX-derived OSes, while providing user-friendliness and easy configurability. An ideal situation requiring the use of flash would be a student-run telnet server which needs to: a) shelter the users from some of the nastinesses of UNIX b) shelter the system from nasty users c) provide an easy way to launch applications d) support multitasking/job control as elegantly as possible e) support easy-to-get-right configuration by administrators --> Flash offers the following features: * uses NCURSES menus driven by cursor keys * offers 'hotkey' functionality for program invocation * loadable modules for "NEW MAIL" and clock functions * password lockable screen saver support It currently compiles nicely under RedHat 5.x & 6.x, SuSe 6.x (x86), RedHat Alpha, and Solaris 5.5 upwards. However for Solaris please read the Makefile, and you will need to use GNU make for this version. If you manage to get it to compile elsewhere, please let us know. --> History: flash was developed by Stephen Fegan of the UCD Internet Society (steve@netsoc.ucd.ie) when the UCD Netsoc were just beginning. It was used with great success to shelter non-computer-literate users from the complicated operating system as well as protecting our setup from hackers of all kinds. Unfortunately the original developer no longer responds to our emails about the program so we have decided to release the program as open source to ensure it will be developed. The original developer did actually intend to do this at some point (the GPL declarations are his) but just didn't get around to it. Kudos to Steve for his work, which built on a very old menu driven shell called 'flin'. Steve almost totally rewrote it during the course of the development. >why did you call your program "Flash" ..aren't there enough programs out >there with the same name already??? Ever hear of Macromedia Flash? From Niall R. Murphy: There was actually a naming conflict from the beginning, since Steve already had another program called flash (which did nasty things to world writable ttys). I persuaded him that flash was the right name since the menus and backgrounds and so on and forth were... well... flashy :) This flash was around in 1996. I don't know if that's before Macromedia. I don't think either of us had heard of it by then anyway. --> Installation: The creation of the binaries should be as simple as "./configure;make" on a Linux system. This should also work for Solaris. The flash binary should go somewhere safe, we like /usr/slocal/bin. Users who will have flash as their shell should have it changed by standard means to the location of the flash executable. ./configure /might/ work on other systems; if it does, drop us a line. We have a report that a port has been added to FreeBSD-CURRENT for flash, this is flash version 0.9.1, while it is not the most up to date version there are no major differences and the version in FreeBSD is safe to use. I will be working on fixing the FreeBSD port in the next release. Talk to Will Andrews (andrews@technologist.com) for more information. The difficult bit is configuring flash to behave as you want it to. There are two directories worth looking at when the source has been unpacked. 'sample-config' contains some sample configuration files which are meant to illustrate certain features of flash. You might like to try extending these when you are building your own setup. Secondly, the directory orcasetup/ contains some configuration files that we use for UCD Netsoc. These are much more developed and complicated than the other ones but contain a lot of netsoc-isms which probably wouldn't be appropriate for your environment. Nevertheless we include them for illustrative purposes. There are a few important things to remember: * config.h defines a few important things such as LIBPREFIX, which is where to put startup rc files and menu definition files * system.flashlogin is the file executed by flash upon login. You can set environment variables, check the return codes from executed programs and so on. * system.menu is the menu definition file. In here you can define what programs are executed with what arguments. It should be fairly easy to figure out what's going on here. Better documentation would be a help. You can also include other definition files; we include module configuration files here. * This can't be stressed enough - when you are adding programs to the system.menu AUDIT THEM FOR SHELL ESCAPES FIRST. It is /no/ use giving people flash as a shell and then allowing them access to vi, tin or even pine. These programs can all be manipulated into giving the user a full shell, some trivially, some not so trivially. Heavy source code review (removing all system() and most exec() calls for example) is the minimum necessary for peace of mind. There is also a man page included in the distribution but it's of dubious usefulness. Knock up a better one... --> Known bugs: * Flash doesn't like being straced under Linux (ncurses?). * You have to be quite careful with your terminal type sometimes. * flash -v segfaults We expect this list to grow larger :-) --> Contact details: The latest stable version of flash should always be available at ftp://ftp.netsoc.ucd.ie/pub/computing/flash/flash-stable-latest.tgz -- there might be later development versions but you should look at the FTP site for them. If you want to communicate patches, configuration difficulties, bugs or so on to the maintainers, please send an empty message to "flash-subscribe@netsoc.ucd.ie". The actual name of the mailing list is "flash@netsoc.ucd.ie". Finally if you are using flash someone we would really appreciate notification. It helps give us warm fuzzies. --> Albert White albertw@netsoc.ucd.ie
