lynx-dev security patch for LYUtils.c
From: Bela Lubkin
Subject: lynx-dev security patch for LYUtils.c
Date: Tue, 4 Aug 1998 00:55:16 -0700

This partially fixes the temp file races I was talking about. It fixes
the ones introduced in dev.19, while attempting to solve the same
problem that change was trying to solve: users tripping over their own
leftover temp files. This makes one attempt to delete the old temp file
(which will only succeed if it's owned by the user, or the user owns the
directory, or it's in a *non*-sticky public directory). If it can't be
deleted, we fall back on error handling code (which I believe will move
on to the next possible temp file name).

There are still serious security problems with the open-for-append code,
which is used in a number of places. These problems have existed for a
long time. Particular areas of danger include:

- doing a traversal while your current directory is writable by anyone
  other than yourself
- posting any mail or news message with Lynx when ~/.lynxsig exists

There may still be problems with the open-for-write code as well. I ran
out of time to check it tonight.

>Bela<

begin 600 LYUtils-patch.gz
end
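
The delete-once-then-fall-through behaviour described in the message, sketched as an added example; it is not the contents of the attached patch and not Lynx code. The function name, the `<prefix><n>.tmp` naming scheme and the use of `O_CREAT | O_EXCL` for the create step are assumptions made for illustration.

```c
/* Added example, not Lynx source: names and naming scheme are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Try candidate names <dir>/<prefix><n>.tmp for n = 0 .. max_tries-1.
 * Returns an open descriptor (chosen name left in out) or -1 with errno set.
 */
int open_temp_exclusive(const char *dir, const char *prefix, int max_tries,
                        char *out, size_t outlen)
{
    for (int n = 0; n < max_tries; n++) {
        int len = snprintf(out, outlen, "%s/%s%d.tmp", dir, prefix, n);
        if (len < 0 || (size_t)len >= outlen) {
            errno = ENAMETOOLONG;
            return -1;
        }
        /* One attempt to clear a leftover. The kernel decides whether we
         * may remove it; the result is deliberately not relied upon. */
        (void)unlink(out);

        /* O_EXCL makes "is the name free?" and "create it" one atomic step
         * and fails on anything already at the name, symlinks included. */
        int fd = open(out, O_WRONLY | O_CREAT | O_EXCL, 0600);
        if (fd >= 0)
            return fd;
        if (errno != EEXIST)
            return -1;   /* real error: unwritable directory, no space, ... */
        /* Name still occupied by something we could not delete: next one. */
    }
    errno = EEXIST;
    return -1;
}

int main(void)
{
    char name[256];
    int fd = open_temp_exclusive("/tmp", "L_demo_", 8, name, sizeof name);
    if (fd < 0) { perror("open_temp_exclusive"); return 1; }
    printf("created %s\n", name);
    close(fd);
    unlink(name);
    return 0;
}
```

Because the create step never opens a pre-existing object, a failed `unlink` costs only a name, which is the fall-back the message relies on.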