[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)]
From: |
Jim Spath (Webmaster Jim) |
Subject: |
Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)] |
Date: |
Thu, 8 May 1997 06:04:29 -0400 (EDT) |
On Wed, 7 May 1997, Hynek Med wrote:
> On Tue, 6 May 1997, Klaus Weide wrote:
> > On Tue, 6 May 1997, Henri Torgemane wrote:
> ...
> Well, it surely works, but I think this should be done from within lynx.
> Lynx should have a function for creating temporary files, that should:
> a) create the file with 600 pemissions anyway, to guarantee privacy
Yes.
> b) pick a very random name for the file
Just adding 3 digits/letters to the filename would create a couple
hundred thousand choices to the tmp file name. Sysadmins would
notice this, eh?
> c) check if the file about to be created isn't already a symlink/hardlink
If it exists, use a different name.
> d) optionally do all this in a subdirectory with 700 permissions as your
> script suggests
No, please, thank you. See my prior message.
------
<http://www.cs.indiana.edu/picons/db/users/us/md/lib/bcpl/jspath/face.xbm>
Marvin the Paranoid Android says:
It's no wonder I'm so depressed really is it?
;
; To UNSUBSCRIBE: Send a mail message to address@hidden
; with "unsubscribe lynx-dev" (without the
; quotation marks) on a line by itself.
;