Re: LYNX-DEV fotemods.zip update (97/05/25)


From: Bela Lubkin
Subject: Re: LYNX-DEV fotemods.zip update (97/05/25)
Date: Tue, 10 Jun 1997 21:39:37 +0000

Foteos Macrides wrote:

> 1997-05-25
> * Mods in LYMain.c to convert $USER if present in the TEMP_SPACE
>   definition or LYNX_TEMP_SPACE environment variable to the string
>   returned by getenv("USER"). - FM
> * Fixed two typos for me->inFONT settings in HTML.c - TD
> * Added chmod(file, 0600) calls for most files created by Lynx. - FM

I haven't looked at these mods -- I am now living in Moscow and my ISP
is usually too slow to attempt large downloads.  I have a security
concern with the described change: the sequence open-then-chmod tends to
open race conditions which can lead to security holes.  It is also
unnecessary, since the mode is specified in the open-or-creat call
itself:

  fd = open(filename, O_CREAT | whatever, 0600);
  fd = creat(filename, 0600);

If an open-then-chmod sequence is really necessary, it should use
fchmod(), if available.  Not all systems support it; so:

  fd = open(filename, O_CREAT | whatever, 0666);
  #if defined(HAS_FCHMOD)
  fchmod(fd, 0600);
  #else   /* !HAS_FCHMOD; note possible race condition here */
  chmod(filename, 0600);
  #endif   /* HAS_FCHMOD */

(then -DHAS_FCHMOD in your Makefile entry, and the autoconfig guys make
a Configure test for it...)

>Bela<
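The difference between the two patterns in the message above can be observed directly. This is an added example, not code from the original post or from Lynx. It records the mode a file has at the instant open() creates it, before any later chmod()/fchmod() runs. `create_probe`, the umask values and the /tmp path are hypothetical names and constructed inputs, and the use of O_EXCL goes beyond what the post mentions.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of an open descriptor, or -1 on error. */
static int mode_of(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

/* Create `path` under umask `mask` with open(..., create_mode); O_EXCL
 * makes the call fail if the name already exists. With `tighten` set,
 * fchmod() the descriptor to 0600 afterwards (fchmod acts on the file
 * that was opened; chmod(path) would look the name up a second time).
 * Returns the mode at creation time, i.e. what other users could see
 * before any later chmod; final mode in *final_mode; -1 on error. */
int create_probe(const char *path, mode_t mask, mode_t create_mode,
                 int tighten, int *final_mode)
{
    mode_t old = umask(mask);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, create_mode);
    umask(old);
    if (fd < 0)
        return -1;
    int at_creation = mode_of(fd);
    if (tighten && fchmod(fd, 0600) != 0)
        at_creation = -1;
    *final_mode = mode_of(fd);
    close(fd);
    return at_creation;
}

int main(void)
{
    const char *path = "/tmp/open_mode_probe.example"; /* constructed name */
    int fin = 0, made;
    unlink(path);
    made = create_probe(path, 022, 0666, 1, &fin);
    printf("0666 then fchmod: created %04o, final %04o\n",
           (unsigned)made, (unsigned)fin);
    unlink(path);
    made = create_probe(path, 022, 0600, 0, &fin);
    printf("0600 in open():   created %04o, final %04o\n",
           (unsigned)made, (unsigned)fin);
    unlink(path);
    return 0;
}
```

With a umask of 022 the first pattern creates the file as 0644 and only then narrows it to 0600; passing 0600 to open() means the file is never more permissive than intended.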
