lynx-dev

From: T.E.Dickey
Subject: Re: lynx-dev Re: A vulnerability in Lynx (all versions) <bug 004352> [BSDI-Support-Request #41289]
Date: Wed, 1 Jul 1998 08:01:12 -0400 (EDT)

> 980630 Jeff wrote:  
> > This is an old bug report that was just handed to me. 
> > I do not see any fixes in Lynx 2.8. 
> > The only safe way to work with temporary files in a public directory 
> > ie  /tmp  is to use  open(..., O_EXCL|O_CREAT, ...) .  Anything else 
> > leaves you open to a race condition and the problems documented here. 
> >> Date:      Mon, 5 May 1997 16:48:30 -0400 
> >> Subject:      A vulnerability in Lynx (all versions) 
> >> To: address@hidden 
>   
> AFAIK this was corrected in 2-7-2 & 2-8, 
not exactly - 2.7.2 and 2.8 have a not-very-good fix.  I have a generic fix
in the development version, which can be improved (unless you're logged in
as root, the generic fix works just fine - but there's the special cases as
usual).

The issue of a 'race condition' refers to the fact that one could easily
devise a program that predicts the next temporary-filename that 2.7.2 would
use (2.8 has the same code) and create a spoof filename that's linked to
another location.

> following considerable discussion on lynx-dev, 
> for which see the Archive at  www.flora.org/lynx-dev/ . 
> of course, if this is a different bug which no-one has noticed till now, 
> i'm sure we'd all like to know ... 
>  
> --  
> ========================,,============================================ 
> SUPPORT     ___________//___,  Philip Webb : address@hidden 
> ELECTRIC   /] [] [] [] [] []|  Centre for Urban & Community Studies 
> TRANSIT    `-O----------O---'  University of Toronto 


-- 
Thomas E. Dickey
address@hidden
http://www.clark.net/pub/dickey
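
The difference between the two ways of opening a temporary file discussed in this thread, as an added example that is not part of the original message and is not Lynx code. The function names, the "L1234.tmp" file name and the sandbox directory are constructed for illustration; the demo works inside a private mkdtemp() directory rather than in /tmp itself.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp() and symlink() */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern the report warns about: follows whatever already sits at `path`. */
static int create_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Pattern the report recommends: EEXIST if the name exists, symlinks included. */
static int create_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Bitmask: 2 = exclusive open refused, 1 = unsafe open truncated; -1 = setup error. */
int demo(void) {
    char dir[] = "/tmp/excl-demo-XXXXXX";   /* private sandbox, not /tmp itself */
    char victim[64], guess[64];
    struct stat st;
    int fd, result = 0;

    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(guess, sizeof guess, "%s/L1234.tmp", dir);  /* constructed "predicted" name */
    fd = create_exclusive(victim);
    if (fd < 0 || write(fd, "precious", 8) != 8) return -1;
    close(fd);
    if (symlink(victim, guess) != 0) return -1;          /* stand-in for the spoofed name */
    fd = create_exclusive(guess);                        /* must be refused */
    if (fd < 0 && errno == EEXIST) result |= 2;
    else if (fd >= 0) close(fd);
    fd = create_unsafe(guess);                           /* follows the link */
    if (fd >= 0) {
        close(fd);
        if (stat(victim, &st) == 0 && st.st_size == 0) result |= 1;
    }
    unlink(guess); unlink(victim); rmdir(dir);
    return result;
}

int main(void) {
    int r = demo();
    printf("demo() = %d (3 = exclusive open refused, unsafe open truncated)\n", r);
    return r == 3 ? 0 : 1;
}
```

With O_EXCL|O_CREAT the open fails on the pre-existing name, so the caller can pick another name and retry instead of writing through the link.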
