Re: lynx-dev rc save bug

[Bela Lubkin]

Philip Webb wrote:

> see my message `who owns what' replying to TD yesterday:
> the problem arose because of messages on lynx-dev in August/September
> which were explicitly concerned with ANONYMOUS spoofers;
> it was exacerbated by the rather clumsy programming response,
> which is not meant as a criticism of the programmer himself.
> i don't believe such attacks are at all likely on our system
> & if one occurred it could surely be tracked
> by appropriate software available to system managers:
> that's why it's an ANONYMOUS problem, ie you can't track the buggers.
> i would rather run the one-in-a-million chance of getting a file trashed
> than spend  2 days  trying to get people to take me seriously
> & then having ultimately to solve the problem myself
> by simply deleting the offensive code.

If the security hole exists -- and that is debatable, depending on
specific details of how your operating system is implemented and how the
system is configured -- then any user on the system could *take over*
your account any time you run Lynx.  They could then delete all your
files, or make subtle changes in your important report, or send out
10000 sexually offensive spams under your name.  If you don't think
that's a problem, fine.  Every user on your system is a perfect saint.

Lynx is not alone in this, and it does seem to be true that truly
malicious users are rare.  Unfortunately, rare != nonexistent.  You wear
a seatbelt even though you haven't had an accident in your last 5000
drives.  You probably have health insurance even if you haven't had a
cold in 20 years.  You lock your door even if you live in a good
neighborhood.

>Bela<