Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)]


From: Foteos Macrides
Subject: Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)]
Date: Wed, 07 May 1997 18:11:12 -0500 (EST)

"Brian Tillman, x8425" <address@hidden> wrote:
>>When a lynx user D)ownloads a
>>file, a temporary file with a predictable name is created to store the file
>>until it is completely downloaded. The file is /tmp/L*0TMP.html (the
>>extension is .html regardless of actual file type). * is the PID of Lynx,
>>and 0 is the download number (the second download would have number 1, and
>>so on). Lynx doesn't check for previous existence of this file, and *will*
>>write to symlinks. Any local user can create a symbolic link (or hard link,
>>for that matter) with this predictable name to one of the Lynx user's files,
>>and when this user D)ownloads something, his file will be overwritten by
>>whatever he was downloading.
>
>Not true with _all_ versions of Lynx.  The VMS version will simply create a
>new version of the file and delete it, if a previous version exists.
>Moreover, links to files just don't exist in VMS the same way as in Unix.
>The author of this "information" should get his facts straight before making
>blanket statements.

        VMS has a SET FILE aliasing command which if you are not careful
could yield security risks like those for Unix links, though not as readily
or extensively.   For example, if your site is using an http server with
~user support, instead of actually creating a public_html (or whatever
is the designated name for it) subdirectory off your account's login
directory, you could alias it to another account's login directory, and
potentially access anything in that account via the http server as if
it were accessing your public WWW data tree.  Needless to say, when
I was active in development of the CERN server, I made sure there were
protections against that, and the OSU DECthreads server has equivalent
protections.  I don't know about the commercial http servers for VMS,
but they probably incorporated the protections too.

        The VMS versioning of files is wonderful (and I go bananas trying
to do any substantive development on Unix without it), but does not offer
security as you seem to think.

        The security lies in using a native sys$scratch logical, controlled
at the SYSTEM (homolog of the Unix root) level, and modifiable at the user
level only in conjunction with successful, passworded logins.  That
logical defaults to sys$login (homolog of the Unix $HOME) if it was not
defined to a common, secure temporary storage area.  If security was
breached sufficiently to monkey with that, how Lynx handles temporary files
would be the least of a site's or user's problems.  You do, however,
need to set appropriate protections for your login.com, and personal
lynx.cfg if you use one, so other users on the system can't monkey
around with that.

        I don't know if the full equivalent of VMS's native sys$scratch
security can be emulated in the manner being discussed in this thread,
but it's heading in the direction of emulating that for Unix.

                                Fote

=========================================================================
 Foteos Macrides            Worcester Foundation for Biomedical Research
 address@hidden         222 Maple Avenue, Shrewsbury, MA 01545
=========================================================================
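
The Unix temp-file behaviour described in the quoted report, next to a hardened open, as an added example that is not part of the original message and is not Lynx's code. The function names, the scratch directory and the file name `L12340TMP.html` are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Behaviour the report describes: create-or-truncate, following any link. */
int open_tmp_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* Hardened: with O_CREAT|O_EXCL, open() fails (EEXIST) if anything already
 * exists at path, including a symlink; 0600 keeps other users out. */
int open_tmp_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Plant a symlink at a constructed, predictable temp name inside a private
 * scratch directory, call open_fn on it, and report whether the link's
 * target kept its contents: 1 = intact, 0 = clobbered, -1 = setup error. */
int target_survives(int (*open_fn)(const char *)) {
    char dir[] = "/tmp/tmpdemoXXXXXX", target[64], tmp[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/victim.txt", dir);
    snprintf(tmp, sizeof tmp, "%s/L12340TMP.html", dir); /* constructed name */
    FILE *f = fopen(target, "w");
    if (!f) return -1;
    fputs("keep", f);
    fclose(f);
    if (symlink(target, tmp) != 0) return -1;
    int fd = open_fn(tmp);
    if (fd >= 0) close(fd);
    int intact = (stat(target, &st) == 0 && st.st_size == 4);
    unlink(tmp);
    unlink(target);
    rmdir(dir);
    return intact;
}

int main(void) {
    printf("unsafe open: target intact = %d\n", target_survives(open_tmp_unsafe));
    printf("safe open:   target intact = %d\n", target_survives(open_tmp_safe));
    return 0;
}
```

Creating the file inside a directory only its owner can write to, as the demo's `mkdtemp()` directory is, is the closest Unix counterpart to the per-user scratch area the message describes.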