Re: LYNX-DEV Re: ...vulnerability in Lynx...

[Jonathan Sergent]

 ] On Thu, 8 May 1997, Alan Cox wrote:
 ] 
 ] > And if we don't your ISP if they have a clue will delete it entirely for
 ] > good. At least if we fix the default you can choose to be personally
 ] > insecure by changing the tmp dir via the environment variables..
 ] 
 ] If we change the default to be an unpredictable name, would this
 ] be a low enough risk?

I think the idea is to eliminate the risk; if there is one, somebody 
will without a doubt figure out how to take advantage of it.

There's nothing wrong with putting a directory in LYNX_TEMP_SPACE that
you know to be O.K. (i.e. if / is mode 755, /tmp has the sticky bit set, 
and you have a mode 0700 directory inside it).

As far as quota goes, other browsers are notorious for making people 
go over quota because they don't notice the files building up in a 
"hidden" dot directory.  It would make sense to include an error message 
about changing $LYNX_TEMP_SPACE to point to somewhere with more space 
when Lynx can't write to it despite the permissions.

I see no problem with using $HOME for the default temp space, since 
Lynx cleans them up at exit unless it crashes abnormally (in which 
the files are distinctively named and the user will be able to delete 
them--unlike the "hidden" caches from other browsers).

Doing that only requires a change in userdefs.h.  I think it makes
the most sense to change said default, and add a comment warning
people not to set the default to /tmp.

As Alan made clear, "we" need to come to a consensus as to the best
way to fix this, and issue a release (preferably called 2-7-2, so
as to encourage people to install it, and to make it differentiable
to people) before CERT does.

$0.02.


--jss.
;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;