lynx-dev
Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)]


From: Hynek Med
Subject: Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)]
Date: Wed, 7 May 1997 13:05:48 +0200 (MET DST)

On Tue, 6 May 1997, Klaus Weide wrote:

> On Tue, 6 May 1997, Henri Torgemane wrote:
> 
> > Subject: LYNX-DEV [Fwd: BoS:       A vulnerability in Lynx (all versions)]
> > 
> > Here's something posted yesterday on a security mailing list.
> > You may want to look at it.
> 
> Something like the appended wrapper shell script should prevent this.
> [ Of course, no guarantees.  Comments?? ]

Well, it surely works, but I think this should be done from within lynx.
Lynx should have a function for creating temporary files, that should:

a) create the file with 600 permissions anyway, to guarantee privacy
b) pick a very random name for the file
c) check if the file about to be created isn't already a symlink/hardlink
d) optionally do all this in a subdirectory with 700 permissions as your
script suggests

I don't know any C, does some kind of standard mktemp() function do all
this? Is it available on all systems?

Hynek

PS The fastest solution is to set LYNX_TEMP_SPACE somewhere in $HOME, as
many people suggested. 

--
Hynek Med, address@hidden
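
An added example, not part of the original message and not Lynx's own code: one way to meet requirements (a) through (d) above with POSIX calls. mktemp() only generates a name and leaves a race before the open, whereas mkstemp() and mkdtemp() create the object atomically. The helper names and the "/tmp" base directory are assumptions made for illustration.

```c
/* Added example: helper names are hypothetical, not Lynx's own code. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* (d) Private directory under `base`: mkdtemp() picks the random suffix,
 * creates it mode 0700, and fails rather than reuse an existing name. */
int make_private_dir(const char *base, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/lynx-XXXXXX", base);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return mkdtemp(out) ? 0 : -1;
}

/* (a)-(c) New file in `dir`; returns an open fd or -1. mkstemp() opens
 * with O_CREAT|O_EXCL, so a symlink or file already planted at the chosen
 * name makes that attempt fail instead of being followed. */
int make_private_file(const char *dir, char *out, size_t outlen)
{
    struct stat st;
    mode_t old;
    int fd, n = snprintf(out, outlen, "%s/tmp-XXXXXX", dir);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    old = umask(077);   /* guard: some old libcs created 0666 & ~umask */
    fd = mkstemp(out);
    umask(old);
    /* Check the object actually held, through the descriptor: a regular
     * file, one link only, ours, and no group/other permission bits. */
    if (fd >= 0 && (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != geteuid() || (st.st_mode & 077))) {
        close(fd);
        unlink(out);
        return -1;
    }
    return fd;
}

int main(void)
{
    char dir[256], file[512];
    int fd;
    if (make_private_dir("/tmp", dir, sizeof dir) != 0 ||
        (fd = make_private_file(dir, file, sizeof file)) < 0)
        return 1;
    printf("created %s\n", file);
    close(fd); unlink(file); rmdir(dir);
    return 0;
}
```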
