lynx-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LYNX-DEV Lynx vulnerabilities


From: Jonathan Sergent
Subject: Re: LYNX-DEV Lynx vulnerabilities
Date: Wed, 02 Jul 1997 11:40:10 -0500

Hynek Med wrote:
 ] On Tue, 1 Jul 1997, Jonathan Sergent wrote:
 ] >     I made some edits (please clean up my formatting attempts), see
 ] > my version at http://www.io.com/~sergent/ .
 ] 
 ] I think your chages are very good (namely correcting Subir about the
 ] temporary files problem), but I'd like to see more emphasis on
 ] the fact that the content of the files a malicious hacker can overwrite
 ] users' files with isn't fortunately in his [hacker's] hands, but it rather
 ] depends on the content of the document the user downloads. Of course if
 ] the lynx user is root, and the target file /dev/sda.. :-(

Or if you run a web site and write a CGI script to trigger the attack
in the background when a user from the host in question visits your
page (which entices or tricks the user into downloading a file).


--jss.
;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;

reply via email to

[Prev in Thread] Current Thread [Next in Thread]