Re: lynx-dev rc save bug


From: Philip Webb
Subject: Re: lynx-dev rc save bug
Date: Wed, 7 Oct 1998 14:35:20 -0400 (EDT)

981007 Bela Lubkin wrote: 
> Philip Webb wrote:
>>   write(1, "\r\nSaving Options...", 19)   = 19
>> ! open("/homes/purslow/.lynxrc", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EEXIST (File exists)
>> ! lxstat(2, "/homes/purslow/.lynxrc", {st_mode=S_IFREG|0600, st_size=11022, ...}) = 0
>> ! getuid()                                = 1300 (euid 1300)
>> ! lxstat(2, "/homes/purslow", {st_mode=S_IFLNK|0755, st_size=18, ...}) = 0
>> ! lxstat(2, "/homes", {st_mode=S_IFLNK|0755, st_size=13, ...}) = 0
>>   ioctl(0, 0x4004667f, [0])               = 0
>>   ioctl(0, 0x4004667f, [0])               = 0
>> ! write(1, "\rAlert!: Unable to save Options"..., 32) = 32
> 
> /homes/purslow is a symlink.  src/LYUtils.c:IsOurFile() wants its parent
> -- that is, /homes -- to be owned by root and not world-writable.
> It isn't world-writable, so it must be that it's not owned by root.
> We can also see in this trace that /homes itself is a symlink,
> so IsOurFile() would have wanted / to be owned by root
> and not world-writable, if it had gotten that far.

like, why, why & why (restrains unparliamentary language)?
this is a security concern for those folx who run anonymous stuff,
not for normal people who compile their own Lynx in their own computer
or their own directories in a shared system:
there's no reason at all why  .lynxrc  should meet  IsOurFile()'s  demands;
and why hasn't it happened to other people?

anyway, thanx lots to you for helping, tho' your fix doesn't work (below):
can we find a fix which does work -- this is a real bug in 2-8-1 --
& maybe curing  IsOurFile()  should be a priority for 2-8-2 ?
BTW for my own education, how do you get your conclusion from the output?
 
> This is the first time I've seen IsOurFile(),
> and I'd say there are a whole bunch of things wrong with its approach.
> Not so fatal it should be changed right now,
> but it definitely needs revisiting.
> 
> Philip, you should be able to patch LYUtils.c:
> 
>                         if (data.st_uid != 0
>                          || data.st_mode & S_IWOTH) {
> 
> to
> 
>                         if (data.st_mode & S_IWOTH) {
> 
 
i did that (in one place, maybe i should check if there's another),
& got the same result with Menu & overwrite:

read(0, ">", 1)                         = 1
ioctl(0, 0x4004667f, [0])               = 0
ioctl(0, 0x4004667f, [0])               = 0
write(1, "\r\nSaving Options...", 19)   = 19
open("/homes/purslow/.lynxrc", O_WRONLY|O_CREAT|O_EXCL, 0600) = -1 EEXIST (File exists)
lxstat(2, "/homes/purslow/.lynxrc", {st_mode=S_IFREG|0600, st_size=12303, ...}) = 0
getuid()                                = 1300 (euid 1300)
lxstat(2, "/homes/purslow", {st_mode=S_IFLNK|0755, st_size=18, ...}) = 0
lxstat(2, "/homes", {st_mode=S_IFLNK|0755, st_size=13, ...}) = 0
ioctl(0, 0x4004667f, [0])               = 0
ioctl(0, 0x4004667f, [0])               = 0
write(1, "\rAlert!: Unable to save Options"..., 32) = 32

(the only difference is  st_size  in line 6)

-- 
========================,,============================================
SUPPORT     ___________//___,  Philip Webb : address@hidden
ELECTRIC   /] [] [] [] [] []|  Centre for Urban & Community Studies
TRANSIT    `-O----------O---'  University of Toronto
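
The symlink-parent rule as described in the quoted reply, modelled over constructed lstat() results. This is an added example, not Lynx's IsOurFile() and not code from either poster; `struct comp`, `holder_ok`, `first_rejected` and the uid 2 given to /homes are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700   /* for S_IFLNK / S_ISLNK under strict -std modes */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
/* STRICT is the quoted condition; RELAXED is the suggested one-line change. */
enum policy { STRICT_ROOT_OWNED, RELAXED_NOT_WORLD_WRITABLE };
/* One path component as lstat() would report it. */
struct comp { const char *path; mode_t mode; uid_t uid; };

/* Constructed sample shaped like the trace. The owner of /homes (uid 2) is an
 * assumption: the trace does not print st_uid. */
static const struct comp sample[] = {
    { "/homes/purslow/.lynxrc", S_IFREG | 0600, 1300 },
    { "/homes/purslow",         S_IFLNK | 0755, 0    },
    { "/homes",                 S_IFLNK | 0755, 2    },
    { "/",                      S_IFDIR | 0755, 0    },
};

/* Is the directory that holds a symlink acceptable under the policy? */
static int holder_ok(const struct comp *d, enum policy p)
{
    if (d->mode & S_IWOTH)
        return 0;                         /* any user could replace the link */
    return !(p == STRICT_ROOT_OWNED && d->uid != 0);
}

/* chain[0] is the file, chain[i+1] the parent of chain[i]. Returns NULL when
 * the chain is accepted, else the path of the component that was rejected. */
static const char *first_rejected(const struct comp *chain, size_t n,
                                  uid_t me, enum policy p)
{
    size_t i;
    if (n == 0 || !S_ISREG(chain[0].mode) || chain[0].uid != me)
        return n ? chain[0].path : "";
    for (i = 1; i < n && S_ISLNK(chain[i].mode); i++) {
        if (i + 1 == n)
            return chain[i].path;         /* symlink whose parent is unknown */
        if (!holder_ok(&chain[i + 1], p))
            return chain[i + 1].path;
    }
    return NULL;                          /* reached a real directory */
}

int main(void)
{
    const char *r = first_rejected(sample, 4, 1300, STRICT_ROOT_OWNED);
    printf("strict policy rejects: %s\n", r ? r : "(nothing)");
    return 0;
}
```

The model covers only the rule stated in the reply; any other checks the real function makes are outside it.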
