lynx-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fwd: BoS: A vulnerability in Lynx (all versions)] LYNX-DEV


From: Nelson Henry Eric
Subject: Re: [Fwd: BoS: A vulnerability in Lynx (all versions)] LYNX-DEV
Date: Thu, 8 May 1997 10:00:05 +0900 (JST)

> > > # Don't use without modification for an anonymous (captive) guest account!
> 
> > Any pointers on what to watch out for / how to modify greatly appreciated.
> 
> That was just a strong disclaimer because I really don't know all the
> things necessary in that situation (environment variables, lynx

In case there are others fooling around with captive guest accounts, you
most definitely would want that last line of Klaus' script to begin
        `exec /where/ever/lynx ...', but if you do this, the directory
         ^^^^^
that you made will not be removed after quitting Lynx (because the trailing
"$@" no longer carries any meaning). 

> Not that I know.  But if you have already set up things such that temp
> files are in directories under $HOME, then you are already preventing
> the problem described.  (assuming normal use of permissions.)  So the

Yeah, I didn't fully understand the problem.  Alan's post tipped me off.
Guess I had just been lucky on that one.

> I was thinking more of systems that would *want* temp files to be under
> /tmp/, so that temporary files don't lie around indefinitely in user
> directories if something goes wrong (assuming old files in /tmp/ get

Of course this is the normal situation.  (My case is unique perhaps since
I'm using a tight quota, tmp=$HOME, and procmail to teach my students the
real value of disk space, and to be custodians of their own accounts.)

__Henry
;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;

reply via email to

[Prev in Thread] Current Thread [Next in Thread]