lynx-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)]


From: Hynek Med
Subject: Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)]
Date: Fri, 9 May 1997 13:28:31 +0200 (MET DST)

On Thu, 8 May 1997, Scott McGee (Personal) wrote:

> I can see people with space problems finding it difficult to use lynx if it
> puts temp files under $HOME. Maybe the thing to do is to leave temp as is,
> but within temp create a directory (with appropriate checks to enusre it is
> not there already) with owner only permissions, then use that directory for
> all temp files. We create it, so nobody can get in ahead of us, and we set
> permission so that nobody can get in after creation. On exit, we just do a
> recursive deletion of that directory.

Well, apart from the sticky bit problem, if I understand it correctly,
there's a race condition while creating this directory, as Alan has
pointed out.. It looks that $HOME is the only really secure solution. 

BTW, I'd like to see some kind of checks if there's enough free space -
with $TEMP set to $HOME, many users will find lynx behave mysteriously
when there's not enough free space..

Hynek

--
Hynek Med, address@hidden


;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;

reply via email to

[Prev in Thread] Current Thread [Next in Thread]