From: T.E.Dickey
Subject: Re: lynx-dev Re: A vulnerability in Lynx (all versions) <bug 004352> [BSDI-Support-Request #41289]
Date: Wed, 1 Jul 1998 08:01:12 -0400 (EDT)

> 980630 Jeff wrote:
> > This is an old bug report that was just handed to me.
> > I do not see any fixes in Lynx 2.8.
> > The only safe way to work with temporary files in a public directory,
> > i.e. /tmp, is to use open(..., O_EXCL|O_CREAT, ...). Anything else
> > leaves you open to a race condition and the problems documented here.
> >> Date: Mon, 5 May 1997 16:48:30 -0400
> >> Subject: A vulnerability in Lynx (all versions)
> >> To: address@hidden
>
> AFAIK this was corrected in 2-7-2 & 2-8,

not exactly - 2.7.2 and 2.8 have a not-very-good fix. I have a generic fix
in the development version, which can be improved (unless you're logged in
as root, the generic fix works just fine - but there's the special cases as
usual).

The issue of a 'race condition' refers to the fact that one could easily
devise a program that predicts the next temporary-filename that 2.7.2 would
use (2.8 has the same code) and create a spoof filename that's linked to
another location.

> following considerable discussion on lynx-dev,
> for which see the Archive at www.flora.org/lynx-dev/ .
> of course, if this is a different bug which no-one has noticed till now,
> i'm sure we'd all like to know ...
>
> --
> ========================,,============================================
> SUPPORT ___________//___, Philip Webb : address@hidden
> ELECTRIC /] [] [] [] [] []| Centre for Urban & Community Studies
> TRANSIT `-O----------O---' University of Toronto
--
Thomas E. Dickey
address@hidden
http://www.clark.net/pub/dickey
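
Added example, not part of the original message and not Lynx's code: the open(..., O_EXCL|O_CREAT, ...) approach named in the quoted report, applied to a predictable temporary filename that already exists as a link to another location. The naming scheme, the scratch directory under /tmp and the function names are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical naming scheme (pid + counter): predictable on purpose. */
static void temp_name(char *out, size_t n, const char *dir, unsigned seq)
{
    snprintf(out, n, "%s/L%ld-%u.tmp", dir, (long)getpid(), seq);
}

/* Create a brand-new file in dir. O_CREAT|O_EXCL fails with EEXIST if the
 * name already exists, including as a symlink (even a dangling one), so a
 * pre-existing link is never followed. Returns an fd, path in out; -1 on error. */
int safe_temp_open(const char *dir, char *out, size_t n)
{
    for (unsigned seq = 0; seq < 100; seq++) {
        temp_name(out, n, dir, seq);
        int fd = open(out, O_WRONLY | O_CREAT | O_EXCL, 0600);
        if (fd >= 0) return fd;
        if (errno != EEXIST) return -1;   /* real error: stop, do not retry */
    }
    return -1;
}

/* Constructed scenario in a private scratch directory: the first name is
 * already a symlink to "victim". Returns 0 if the link was refused. */
int demo(void)
{
    char dir[] = "/tmp/excl-demo-XXXXXX", victim[128], planted[128], got[128];
    struct stat st;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    temp_name(planted, sizeof planted, dir, 0);
    if (symlink(victim, planted) != 0) { rmdir(dir); return -1; }
    int fd = safe_temp_open(dir, got, sizeof got);
    int ok = fd >= 0 && write(fd, "data\n", 5) == 5
          && strcmp(got, planted) != 0                    /* taken name skipped */
          && stat(victim, &st) == -1 && errno == ENOENT;  /* target untouched */
    if (fd >= 0) { close(fd); unlink(got); }
    unlink(planted);
    rmdir(dir);
    return ok ? 0 : 1;
}

int main(void) { return demo(); }
```

An fopen(name, "w") or open() without O_EXCL on the same name would follow the link and create or truncate the file it points to, which is the failure the thread describes.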