[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev lynx /tmp security
From: |
T.E.Dickey |
Subject: |
Re: lynx-dev lynx /tmp security |
Date: |
Mon, 17 Aug 1998 13:22:40 -0400 (EDT) |
> The main issues that Lynx has are that it tries to (a) reuse existing
> temp file and that (b) it renames (changes extensions on) temp files
yes - but it only reuses in a couple of places (they're still ugly &
still on my list).
> without requesting a new name for them. Neither of these issues is
> particularly difficult to solve. The first one is a non issue with
> sticky temp directories, and the other just requires that any time a
> temp file is opened it is either (a) known to already exist [was
> created via (b) earlier] or (b) opened with O_CREAT,O_EXCL. I don't
> think truncating existing files is ever desirable, but I might have
> missed something.
If you download a file, Lynx uses the same logic for opening the file,
and so you must truncate it. That was how I noticed it...
> It seems simple but every time I look at Lynx I get reminded that it
> really is a very large program. Such is the web...
>
> One thing that TED had mentioned way back was something about two-
> argument open. Is that really a concern? (does Lynx run on anything
> that old anyway?)
probably - but no one's pointed out problems with compiling the changes I made.
> Jonathan Sergent / address@hidden <LURK>
--
Thomas E. Dickey
address@hidden
http://www.clark.net/pub/dickey