lynx-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LYNX-DEV Re: ...vulnerability in Lynx...


From: Jonathan Sergent
Subject: Re: LYNX-DEV Re: ...vulnerability in Lynx...
Date: Thu, 08 May 1997 18:04:29 EST

 ] CERT advisories do not _have to_ have, in their section titled
 ] 
 ] III. Solution,
 ] 
 ]    "Upgrade to the latest release. [...]"
 ] 
 ] They could just as well make people aware of the mechanism already
 ] existing in all Lynx version (AFAIK) 

Not.  

grep for TEMP_SPACE in CHANGES*, and notice that the first release which 
has this is v2.5.  Fote added it to the the code for non-version 2.4FM 
on 1995-10-18.

10-18-95
* Added "LYNX_TEMP_SPACE" environment variable (Unix) or VMS logical,
  which if present at run time will be used instead of the the TEMP_SPACE

There are lots of sites running 2.4.2 (or worse) which have only the
userdefs.h provision.

 ] for setting a directory for temp
 ] files, give some detailed instructions on how to set LYNX_TEMP_SPACE
 ] (possibly in a wrapper script) and use "sticky", and save them from
 ] feeling they have to install a new version.
 ] (No, I have no idea how to "make them say" anything.)

Here's what people should do:

  Upgrade to the Lynx 2.7.2 as soon as possible, since it has 
  sensible checking for temporary file creation.

  If they are using Lynx version 2.5 or newer, they should set 
  $LYNX_TEMP_SPACE to $HOME.

  If they are using Lynx 2-4FM newer than 1995-10-18, they can use this
  workaround, but they're better advised not to run such an oddball
  version.

  If they are using any Lynx source which was released before 1995-10-18,
  they need to recompile Lynx in order to change the temp_space setting,
  and they ought to upgrade to 2.7.2 while they're at it.

This can probably be reworded to be clearer.

If nobody else is going to be forthcoming with a source patch, then I
will have time to work on trying to implement this next week; I have
a few ideas but I don't know if they're implementable.


--jss.
;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;

reply via email to

[Prev in Thread] Current Thread [Next in Thread]