[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)]
From: |
Hynek Med |
Subject: |
Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)] |
Date: |
Fri, 9 May 1997 13:28:31 +0200 (MET DST) |
On Thu, 8 May 1997, Scott McGee (Personal) wrote:
> I can see people with space problems finding it difficult to use lynx if it
> puts temp files under $HOME. Maybe the thing to do is to leave temp as is,
> but within temp create a directory (with appropriate checks to enusre it is
> not there already) with owner only permissions, then use that directory for
> all temp files. We create it, so nobody can get in ahead of us, and we set
> permission so that nobody can get in after creation. On exit, we just do a
> recursive deletion of that directory.
Well, apart from the sticky bit problem, if I understand it correctly,
there's a race condition while creating this directory, as Alan has
pointed out.. It looks that $HOME is the only really secure solution.
BTW, I'd like to see some kind of checks if there's enough free space -
with $TEMP set to $HOME, many users will find lynx behave mysteriously
when there's not enough free space..
Hynek
--
Hynek Med, address@hidden
;
; To UNSUBSCRIBE: Send a mail message to address@hidden
; with "unsubscribe lynx-dev" (without the
; quotation marks) on a line by itself.
;
- Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)], (continued)
- Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)], Foteos Macrides, 1997/05/07
- Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)], Brian Tillman, x8425, 1997/05/08
- Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)], Scott McGee (Personal), 1997/05/08
- Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)], Larry W. Virden, x2487, 1997/05/08
- Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)],
Hynek Med <=