Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd)


From: Alex Lyons A32/373-Winfrith Tel2368 FAX2508
Subject: Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd)
Date: Wed, 25 Jun 97 10:24:10 BST

There are quite a number of calls to "system" scattered through the lynx code.
I noticed them in HTFWriter.c, LYBookmark.c, LYDownload.c, LYEdit.c,
LYGetFile.c, LYLocal.c, LYMail.c, LYMainLoop.c, LYPrint.c, and LYUpload.c.

It's not immediately obvious which of these could be vulnerable to shell
spoofing in the way described for the Download calls.  Have all these
others been checked?  I guess all user-supplied strings could be quoted
(if filenames - as suggested by Andrew Kuchling) or otherwise checked
for shell metacharacters.  Also, would it be a good idea to exec whatever
command "system" is using a shell to run?  This would effectively truncate
the command at the first shell command delimiter, e.g.:

    system("/bin/cp file1;/bin/sh; file2")       :(
    system("exec /bin/cp file1;/bin/sh; file2")  :)

Alex Lyons
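
Added example, not part of the original message or of the Lynx source: one way to do the quoting and metacharacter checking suggested above before a filename reaches `system`, using the message's `/bin/cp` case. The function names `has_shell_meta`, `shell_quote` and `build_cp_command` are hypothetical.

```c
/* Added example: helper names are hypothetical, not taken from Lynx. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns 1 if s contains a character that /bin/sh treats specially. */
int has_shell_meta(const char *s)
{
    return s[strcspn(s, " \t\n;&|<>()$`\\\"'*?[]#~=%!{}")] != '\0';
}

/* Wrap s in single quotes for /bin/sh; each embedded ' becomes '\''.
 * Returns a malloc'd string (caller frees), or NULL if malloc fails. */
char *shell_quote(const char *s)
{
    size_t n = 3;                          /* two quotes plus NUL */
    const char *p;
    char *out, *q;

    for (p = s; *p; p++)
        n += (*p == '\'') ? 4 : 1;
    if ((out = malloc(n)) == NULL)
        return NULL;
    q = out;
    *q++ = '\'';
    for (p = s; *p; p++) {
        if (*p == '\'') { memcpy(q, "'\\''", 4); q += 4; }
        else *q++ = *p;
    }
    *q++ = '\'';
    *q = '\0';
    return out;
}

/* Build "/bin/cp -- 'src' 'dst'" for system(); NULL on failure.
 * "--" keeps a name that starts with '-' from being read as an option. */
char *build_cp_command(const char *src, const char *dst)
{
    char *qs = shell_quote(src), *qd = shell_quote(dst), *cmd = NULL;

    if (qs && qd) {
        size_t n = strlen("/bin/cp -- ") + strlen(qs) + 1 + strlen(qd) + 1;
        if ((cmd = malloc(n)) != NULL)
            snprintf(cmd, n, "/bin/cp -- %s %s", qs, qd);
    }
    free(qs); free(qd);
    return cmd;
}
```

Inside single quotes the shell also leaves `$` and backquotes uninterpreted, so the quoted name is passed to `cp` as a single literal argument.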