lynx-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LYNX-DEV Re: ...vulnerability in Lynx...

From: Jim Spath (Webmaster Jim)
Subject: Re: LYNX-DEV Re: ...vulnerability in Lynx...
Date: Thu, 8 May 1997 05:33:42 -0400 (EDT) 
On Thu, 8 May 1997, Alan Cox wrote:
> > each other, not as a (FILE *).  Modifying this would require some major
> > restructuring.  The "security" of mkstemp() seems to rely on files
> > being passed as open FILE pointers, and filenames not being reused.  (Of
> > course I may be missing something obvious here...)
> Indeed. In that case you need to plonk the temporary files into 
> ~me/.lynx/cache
> Now that is a tiny modification and one that we can get into lynx-2.7.2 and
> have that version up and done before the CERT advisory comes out and has
> everyone deleting lynx off public machines.
> Moving it to the home directory is nice and simple and if it can be done
> in under a week or so it is a golden opportunity to get people to upgrade.
> Many many people will see the CERT advisory, including sysadmins with 2.4,
> 2.5 and other prehistoric releases.

I haven't followed this thread very closely, but if MY ISP moves the
Lynx temporary file directory to my home directory, I'll have to stop
using Lynx because my home directory has about 100K free...

------
<http://www.cs.indiana.edu/picons/db/users/us/md/lib/bcpl/jspath/face.xbm>
Marvin the Paranoid Android says:
It's no wonder I'm so depressed really is it?

;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;
reply via email to
[Prev in Thread] Current Thread [Next in Thread]