lynx-dev

Re: lynx-dev rc save bug


From: dickey
Subject: Re: lynx-dev rc save bug
Date: Wed, 7 Oct 1998 15:09:54 -0400 (EDT)

> like, why, why & why (restrains unparliamentary language)? 
> this is a security concern for those folx who run anonymous stuff, 
> not for normal people who compile their own Lynx in their own computer 
> or their own directories in a shared system: 
> there's no reason at all why  .lynxrc  should meet  IsOurFile()'s  demands; 
> and why hasn't it happened to other people? 

there's pros/cons:

        + a link set up as described should be from a directory that isn't
          world writable.

        + afaik, there's no reliable way to determine if that directory is
          owned by a privileged user (even '0' for root's is not universal
          in the quasi-Unix clones, I'm told - but I decided to neglect
          those - they're very rare).
 
But, like Bela, I'm curious who owns the directory where the link is (sounds
like "/" - which should be owned by root - the convention afaik is to have
root own all of the nonvolatile stuff, and privileged "users" such as "bin"
and "news" own facilities).

> anyway, thanx lots to you for helping, tho' your fix doesn't work (below): 
It should - the code goes through one point (maybe this is a different
problem).

-- 
Thomas E. Dickey
address@hidden
http://www.clark.net/pub/dickey
