lynx-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LYNX-DEV Wiping out post data after posting


From: David Woolley
Subject: Re: LYNX-DEV Wiping out post data after posting
Date: Wed, 30 Jul 1997 08:25:22 +0100 (BST)

> 
> 
> Occasionally sensitive information is submitted via forms.
> It doesn't look like post_data is ever zero'ed. A crash could 
> cause a core which would contain this information. I don't
> suppose anyone has a patch to nuke the data? Unfortunately, I don't
> really have time right now to write it myself.

Programs have to be written in a special way to avoid exposing information
in a core file; even then there are double fault conditions that could
expose the data during a small window. Your sensitive strings are likely
to be left in various buffers, the free space in the heap, etc.

The conventional approach is to make sure that the core file is owned by
the user of Lynx, i.e. have an account for every user.  I think core files
are generally created with a restictive set of permissions.

If you must share an account, the other alternative is to inhibit core files.
Some systems allow you to do this using ulimit, but you can also run Lynx
from a non-writeable directory, or create a directory called core.

(Also remember that, unless you are running encyryption as well, and
on the same machine, you are exposing the information to quite a few
system administrators++, anyone with physical access to the LAN wiring
and to anyone able to get a four wire tap onto the phone network.)

++ Users of MS-DOS or Windows, or who could boot such systems, on machines
physically connected to any of the LANs involved count as system
administrators!
;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;

reply via email to

[Prev in Thread] Current Thread [Next in Thread]