lynx-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)]

From: Alan Cox
Subject: Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)]
Date: Wed, 7 May 1997 13:02:00 +0100 (BST) 
> a) create the file with 600 pemissions anyway, to guarantee privacy
> b) pick a very random name for the file
> c) check if the file about to be created isn't already a symlink/hardlink
> d) optionally do all this in a subdirectory with 700 permissions as your
> script suggests
> 
> I don't know any C, does some kind of standart mktemp() function do this
> all? Is it available on all systems?

mktemp isnt sufficient. mkstemp() is but not on all OS's. The algorithm
above has a race condition...

> PS The fastest solution is to set LYNX_TEMP_SPACE somewhere in $HOME, as
> many people suggested. 

That IMHO is also the right way to do it in the long term
;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;
reply via email to
[Prev in Thread] Current Thread [Next in Thread]