[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LYNX-DEV new security bulletin drafts
From: |
Jonathan Sergent |
Subject: |
Re: LYNX-DEV new security bulletin drafts |
Date: |
Fri, 11 Jul 1997 09:37:09 -0500 |
Jim posted some changes to version 3 of the drafts.
] This sentence needs to be two sentences:
]
] The FOTEMODS patches avoid any pre-existing filenames for new temporary
] files, thus skipping any symbolic link which may have been created with
] an upcoming temporary filename, and allows the administrator or user to
] ^- (These patches allow...)
] define TEMP_SPACE (or the LYNX_TEMP_SPACE environment variable) as
] "/tmp/$USER" (for example) for pre-existing directories that correspond
] to accounts' usernames and have protections/ACLs set for access only by
] the appropriate users.
Fixed, thanks.
] This is problematic:
]
] The next release of Lynx will eliminate this vulnerability, at
] which time this bulletin will be updated.
]
] Instead of promising a bulletin revision, advise readers to subscribe
] to *and read* the lynx-dev mailing list.
Done.
] Before saying this:
]
] General questions about Lynx installation and usage should be
] sent to <address@hidden>.
]
] Add:
]
] On-line help about Lynx is available using the 'h'elp key. More help
] is available in the source distributions. Should your questions not
] be answered by these means, ...
Did that, too. Thanks.
See version 4 of both bulletins, same place as before.
Mail from here is really slow...
--jss.
;
; To UNSUBSCRIBE: Send a mail message to address@hidden
; with "unsubscribe lynx-dev" (without the
; quotation marks) on a line by itself.
;