[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)]
From: |
Alan Cox |
Subject: |
Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)] |
Date: |
Wed, 7 May 1997 13:02:00 +0100 (BST) |
> a) create the file with 600 pemissions anyway, to guarantee privacy
> b) pick a very random name for the file
> c) check if the file about to be created isn't already a symlink/hardlink
> d) optionally do all this in a subdirectory with 700 permissions as your
> script suggests
>
> I don't know any C, does some kind of standart mktemp() function do this
> all? Is it available on all systems?
mktemp isnt sufficient. mkstemp() is but not on all OS's. The algorithm
above has a race condition...
> PS The fastest solution is to set LYNX_TEMP_SPACE somewhere in $HOME, as
> many people suggested.
That IMHO is also the right way to do it in the long term
;
; To UNSUBSCRIBE: Send a mail message to address@hidden
; with "unsubscribe lynx-dev" (without the
; quotation marks) on a line by itself.
;