From: Philip Webb
Subject: Re: lynx-dev FWD: www.infilsec.com - Bugs: lynx tempfile predictable
Date: Fri, 1 Jan 1999 04:31:40 -0500 (EST)
981231 Leonid Pauzner wrote:
>> Subject: Infilsec - Bugs: lynx tempfile predictable
>> X-URL: http://www.infilsec.com/cgi-infilsec/if?action=generate&key=00059
> Why not avoid symlinks in /tmp/, or was this fixed long ago?
this was cured for 2-8, ie by 980301.
>> Infilsec
>> lynx tempfile predictable
>> Record Created: Wed Dec 30 16:25:49 1998
>> Last Modified: Wed Dec 30 16:25:49 1998
>> all versions of Lynx (tested on 2.7.1, Linux)
NB: it would be very irresponsible of Infilsec to advertise a bug
without making certain they were using the latest version of the software
(subjunctive mood intentional).
>> Local users can gain other user accounts
>> Author: fflush
>> The same problem present in Elm 2.4 PL24 and earlier
>> is present in all versions of Lynx (tested on 2.7.1, Linux).
^^^ ^^^^^^^^^^^^^^^
the latest Lynx is 2-8-1 available from www.slcc.edu/lynx/release/ .
>> When a lynx user D)ownloads a file,
>> a temporary file with a predictable name is created to store the file
>> until it is completely downloaded. -- snip --
>> Lynx doesn't check for previous existence of this file,
>> and *will* write to symlinks.
this behaviour was corrected.
>> Any local user can create a symbolic link (or hard link, for that matter)
>> with this predictable name to one of the Lynx user's files,
>> and when this user D)ownloads something, his file will be overwritten
>> by whatever he was downloading. -- snip --
IMHO there is reason to question whether this is possible
on an up-to-date & well-managed UNIX system like this one (at U Toronto),
where users have no ability to choose symlink permissions in /tmp
& the permissions actually allowed rule out such malicious behaviour.
--
========================,,============================================
SUPPORT ___________//___, Philip Webb : address@hidden
ELECTRIC /] [] [] [] [] []| Centre for Urban & Community Studies
TRANSIT `-O----------O---' University of Toronto
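The attack the forwarded report describes (a guessable temporary name under /tmp, a pre-planted symlink or hard link, and a download that opens the name with a plain truncating write) is shown below as an added example. This is not Lynx code and not part of the message above; the file names, the scratch directory under /tmp and the "download" contents are all constructed for the demonstration. The flawed open is compared with the two standard fixes: opening with O_CREAT|O_EXCL|O_NOFOLLOW so that any pre-existing name (link or not) is refused, and letting mkstemp() choose an unpredictable name and create it atomically.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Outcome of one run of the demonstration (constructed, not from Lynx). */
struct demo_result {
    int naive_clobbered; /* 1 if fopen(path,"w") wrote through the planted symlink */
    int safe_errno;      /* errno from the O_EXCL|O_NOFOLLOW open; EEXIST expected */
    int mkstemp_ok;      /* 1 if mkstemp() produced a fresh private file */
};

/* The flawed pattern from the report: a fixed, guessable name opened with
 * "w". fopen() follows a symlink and truncates whatever it points at. */
static int naive_download_write(const char *path, const char *data)
{
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(data, f);
    return fclose(f);
}

/* Hardened open: O_EXCL refuses any name that already exists (symlink,
 * hard link or regular file alike) and O_NOFOLLOW refuses to follow a
 * symlink in the final component. Returns 0, or -1 with errno set. */
static int safe_download_write(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    size_t len = strlen(data);
    if (write(fd, data, len) != (ssize_t)len) { close(fd); return -1; }
    return close(fd);
}

/* Read a regular file into buf (NUL-terminated); -1 on error. */
static ssize_t read_file(const char *path, char *buf, size_t cap)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -1;
    ssize_t n = read(fd, buf, cap - 1);
    close(fd);
    if (n < 0) return -1;
    buf[n] = '\0';
    return n;
}

struct demo_result run_symlink_demo(void)
{
    struct demo_result r = {0, 0, 0};
    /* Private scratch directory; assumption: /tmp (or else the cwd) is writable. */
    char dir[] = "/tmp/tmpfile-demo.XXXXXX";
    char alt[] = "./tmpfile-demo.XXXXXX";
    const char *base = mkdtemp(dir) ? dir : (mkdtemp(alt) ? alt : NULL);
    if (!base) return r;

    char victim[512], link[512], tmpl[512], buf[64];
    snprintf(victim, sizeof victim, "%s/victim-file", base);
    snprintf(link,   sizeof link,   "%s/L-predictable.html", base); /* guessable name, constructed */
    snprintf(tmpl,   sizeof tmpl,   "%s/dl.XXXXXX", base);

    /* The victim's file, and the attacker's pre-planted symlink at the guessable name. */
    safe_download_write(victim, "victim data");
    symlink(victim, link);

    /* 1. The naive write follows the link and clobbers the victim's file. */
    naive_download_write(link, "attacker-chosen content");
    if (read_file(victim, buf, sizeof buf) > 0 &&
        strcmp(buf, "attacker-chosen content") == 0)
        r.naive_clobbered = 1;

    /* 2. The hardened open refuses the pre-existing name outright. */
    if (safe_download_write(link, "second download") < 0)
        r.safe_errno = errno;

    /* 3. Unpredictable name: mkstemp() picks it and creates it with O_EXCL atomically. */
    int fd = mkstemp(tmpl);
    if (fd >= 0) { r.mkstemp_ok = (fchmod(fd, 0600) == 0); close(fd); unlink(tmpl); }

    unlink(link); unlink(victim); rmdir(base);
    return r;
}

int main(void)
{
    struct demo_result r = run_symlink_demo();
    printf("naive write clobbered victim: %d\n", r.naive_clobbered);
    printf("hardened open errno: %d (%s)\n", r.safe_errno, strerror(r.safe_errno));
    printf("mkstemp private file: %d\n", r.mkstemp_ok);
    return 0;
}
```

The demo keeps everything under one user in a non-sticky directory so the clobber is visible; on a current Linux with fs.protected_symlinks=1, a symlink sitting in a world-writable sticky directory such as /tmp is not followed when its owner differs from both the follower and the directory owner, which is the kernel-level mitigation for exactly this class of bug. The application-level fix does not depend on that: O_EXCL makes any pre-existing name fatal (hard links included, which O_NOFOLLOW alone would not catch), and mkstemp() removes the predictability the attacker needs in the first place.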