Re: lynx-dev Security holes.


From: dickey
Subject: Re: lynx-dev Security holes.
Date: Tue, 17 Nov 1998 05:06:13 -0500 (EST)

> The first part is to prevent from attacks/trojans of the type:
> <a href="rlogin://foo;address@hidden">foo</a> where the sysadmin doesn't want
> his users to be able to run a shell. Or
> <a href="rlogin://evil|address@hidden">foo</a> where the attacker
> has a rlogind (or a login script) that answer with commands that will be
> executed on the host running lynx.

thanks (will review/integrate).
  
> The second one are simple fixes for buffer overflows. Of course that's 
> probably not the way you will fix them because I have not seen any other 
> use of snprintf in the source. (why not implement an own version?) 

I just did that (in last night's patch).  I do not intend using snprintf,
as I said before, because it is not a good technical solution (it is not
portable, and it can truncate the result).

-- 
Thomas E. Dickey
address@hidden
http://www.clark.net/pub/dickey
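
The first quoted paragraph describes link targets whose user or host part carries shell metacharacters such as `;` and `|`. As an added example (not code from the Lynx source or from this thread), here is one way to refuse such a URL before any command line is built from it. The function names, the allowed character set and the sample URL are assumptions made for the illustration, and port numbers and trailing paths are deliberately not accepted.

```c
#include <stdio.h>
#include <string.h>

/* Allowlist: anything outside it (';', '|', spaces, quotes, ...) is refused. */
static const char SAFE[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_";

/* 1 if s[0..len) is non-empty, fits in max bytes and uses only SAFE chars. */
static int field_ok(const char *s, size_t len, size_t max)
{
    size_t i;
    if (len == 0 || len > max)
        return 0;
    for (i = 0; i < len; i++)
        if (strchr(SAFE, s[i]) == NULL)
            return 0;
    return 1;
}

/* Split "rlogin://[user@]host" into user and host; return 0 to refuse it. */
int rlogin_url_split(const char *url, char *user, size_t ulen,
                     char *host, size_t hlen)
{
    static const char scheme[] = "rlogin://";
    const char *rest, *at, *h;
    size_t un;
    if (ulen == 0 || hlen == 0 || strncmp(url, scheme, sizeof scheme - 1) != 0)
        return 0;
    rest = url + sizeof scheme - 1;
    at = strchr(rest, '@');
    h = at ? at + 1 : rest;
    un = at ? (size_t)(at - rest) : 0;
    if ((at && !field_ok(rest, un, ulen - 1)) || !field_ok(h, strlen(h), hlen - 1))
        return 0;
    memcpy(user, rest, un);
    user[un] = '\0';
    strcpy(host, h);   /* length already checked against hlen - 1 */
    return 1;
}

int main(void)
{
    char u[32], h[64];
    /* Constructed URL modelled on the first one quoted in the message. */
    const char *bad = "rlogin://foo;x@host.example.org";
    printf("%s\n", rlogin_url_split(bad, u, sizeof u, h, sizeof h) ? "accept" : "refuse");
    return 0;
}
```

Over-long fields are refused rather than cut to fit, so the caller never acts on a truncated name.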
