[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev rc save bug
From: |
Philip Webb |
Subject: |
Re: lynx-dev rc save bug |
Date: |
Fri, 9 Oct 1998 08:56:56 -0400 (EDT) |
[ we should try to keep `subjects' separate, but i'll reply here for now:
there's another more technical reply under `who owns what' ]
981009 Bela Lubkin wrote:
> If the security hole exists -- and that is debatable, depending on
> specific details of how your operating system is implemented and how the
> system is configured -- then any user on the system could *take over*
> your account any time you run Lynx. They could then delete all your
> files, or make subtle changes in your important report, or send out
> 10000 sexually offensive spams under your name.
well, what i don't see is how LYNX can be the problem here.
there was a problem for non-sticky /tmp directories,
which is still a case of protecting vs incompetent site managers,
but possibly justified in the big bad World.
there's no other problem unless the sysadmin really screws up.
> If you don't think that's a problem, fine.
> Every user on your system is a perfect saint.
> it does seem to be true that truly malicious users are rare.
> Unfortunately, rare != nonexistent. You wear a seatbelt
> even though you haven't had an accident in your last 5000 drives.
> You probably have health insurance even if you haven't had a cold in 20 yrs.
everyone in Canada & other civilised countries has state health insurance.
> You lock your door even if you live in a good neighborhood.
it's a question of probability of the event happening
& degree of damage if it does: in this case, the probability is very tiny
-- it's much more likely the shoe-string will break & CHASS will close -- ,
& the damage reparable, even if troublesome.
--
========================,,============================================
SUPPORT ___________//___, Philip Webb : address@hidden
ELECTRIC /] [] [] [] [] []| Centre for Urban & Community Studies
TRANSIT `-O----------O---' University of Toronto
- Re: lynx-dev rc save bug, (continued)
- Re: lynx-dev rc save bug, Bela Lubkin, 1998/10/07
- Re: lynx-dev rc save bug, dickey, 1998/10/07
- Re: lynx-dev rc save bug, dickey, 1998/10/07
- Re: lynx-dev rc save bug, Bela Lubkin, 1998/10/08
- Re: lynx-dev rc save bug, Bela Lubkin, 1998/10/09