Re: LYNX-DEV new security bulletin drafts
From: Jim Spath (Webmaster Jim)
Subject: Re: LYNX-DEV new security bulletin drafts
Date: Fri, 11 Jul 1997 07:55:53 -0400 (EDT)

On Thu, 10 Jul 1997, Jonathan Sergent wrote:
> Can people please look at and comment on the version 3 drafts at
> http://www.io.com/~sergent/c/cert-index.html
> that I announced yesterday afternoon? I haven't seen any hits on
> them at all!
I looked at them :-)
This sentence needs to be two sentences:

    The FOTEMODS patches avoid any pre-existing filenames for new temporary
    files, thus skipping any symbolic link which may have been created with
    an upcoming temporary filename, and allows the administrator or user to
                                    ^- (These patches allow...)
    define TEMP_SPACE (or the LYNX_TEMP_SPACE environment variable) as
    "/tmp/$USER" (for example) for pre-existing directories that correspond
    to accounts' usernames and have protections/ACLs set for access only by
    the appropriate users.

This is problematic:

    The next release of Lynx will eliminate this vulnerability, at
    which time this bulletin will be updated.

Instead of promising a bulletin revision, advise readers to subscribe
to *and read* the lynx-dev mailing list.

Before saying this:

    General questions about Lynx installation and usage should be
    sent to <address@hidden>.

Add:

    On-line help about Lynx is available using the 'h'elp key. More help
    is available in the source distributions. Should your questions not
    be answered by these means, ...
------
<http://www.cs.indiana.edu/picons/db/users/us/md/lib/bcpl/jspath/face.xbm>
Marvin the Paranoid Android says:
Why stop now just when I'm hating it?
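
Added example, not part of the original message and not the FOTEMODS patch code: one way to get the two behaviours the quoted draft sentence describes, skipping a pre-existing temporary filename (including a planted symbolic link) and using a per-user temporary directory that only its owner can access. The function names and the filename pattern are assumptions made for this sketch, and it relies on POSIX `open()` with `O_CREAT|O_EXCL`.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 0 if dir is a real directory (not a symlink) owned by the
 * calling user with no group/other permission bits, else -1. */
int temp_space_is_private(const char *dir)
{
    struct stat st;

    if (lstat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;                      /* missing, or a symlink/file */
    if (st.st_uid != geteuid())
        return -1;                      /* someone else's directory */
    if (st.st_mode & (S_IRWXG | S_IRWXO))
        return -1;                      /* group or others have access */
    return 0;
}

/* Create a new temporary file in dir and return its descriptor, storing
 * the chosen path in out; return -1 on failure. The name pattern is a
 * constructed one for this example. O_CREAT|O_EXCL fails with EEXIST when
 * the name exists in any form, including a dangling symbolic link, so a
 * pre-created name is skipped instead of being followed. */
int create_temp_file(const char *dir, char *out, size_t outlen)
{
    int n;

    if (temp_space_is_private(dir) != 0)
        return -1;
    for (n = 0; n < 1000; n++) {
        int len = snprintf(out, outlen, "%s/L%ld-%dTMP.html",
                           dir, (long)getpid(), n);
        int fd;

        if (len < 0 || (size_t)len >= outlen)
            return -1;                  /* path does not fit */
        fd = open(out, O_WRONLY | O_CREAT | O_EXCL, 0600);
        if (fd >= 0)
            return fd;
        if (errno != EEXIST)
            return -1;                  /* real error, stop */
    }
    return -1;                          /* every candidate name was taken */
}
```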