Re: lynx-dev Re: who owns what

[Philip Webb]

[ pathto script : see other message ]

981008 Bela Lubkin wrote: 
> Philip Webb wrote:
>> I (capitalised for once) have no security problem,
>> nor do the majority of Lynx users & installers:
>> these problems arise ONLY for sites with anonymous users.
> No, you are 100% wrong here.  The security problem
> this code is trying to avoid arises *ONLY* for NON-anonymous sites,
> where you, a non-anonymous user, are innocently using Lynx.
> Some other user, who has a full shell account, decides to attack you.
> He places a malicious link into the directory Lynx is trying to use.
> When Lynx creates a file in that directory, it is tricked into following
> the malicious link, and overwrites one of your personal files.

how can the Enemy place a link in  ~/purslow ?  i own it.
maybe in  /tmp , if the link is to a file under  ~/purslow ,
but that's never going to be the case with  .lynxrc .
 
> This can only happen on systems where the attacker has access to a shell.

so why did the problem arise explicitly for anonymous Enemies,
as is shown by the messages in the Archive i referred to yesterday?
 
> Tom's put in code to try to avoid other instances than  /tmp ,
> such as if Lynx is using your home directory,
> but your home directory is unprotected
> because its parent is world-writable and not sticky.

i just tested this by trying to create a test file:
in  /homefs/u7  &  /  i was told "directory is write-protected";
let's hope the security software spotted me too ... (smile).
 
> In this case, it's explicitly trying to use your home directory:
> this shouldn't be checking directory permissions / status at all.
> If your home directory is unprotected, you are screwed no matter what,
> completely outside of Lynx.  Lynx has no business trying to protect you.

yup, obviously: the well-meaning programmer had a brief lapse.
 
> And, in this case, Lynx is obviously being fooled by something unusual
> about your system's directory structure.
 
i doubt if there's anything much amiss with CHASS:
the sysadmin is overworked, but fully competent in my experience.

nothing you've said above establishes there could be a problem
on an ordinarily well-managed UNIX site without anonymous users,
which leaves me with the basic question unanswered:
should lynx-dev be going to such lengths to protect vs anonymous enemies?
shouldn't people who run such sites be left to their own devices?
haven't the rest of us all got better things to do?

[ i have a separate response to the very polite man who does run one ]

-- 
========================,,============================================
SUPPORT     ___________//___,  Philip Webb : address@hidden
ELECTRIC   /] [] [] [] [] []|  Centre for Urban & Community Studies
TRANSIT    `-O----------O---'  University of Toronto