Re: LYNX-DEV Lynx/MSIE denial-of-service

[Alan Cox]

> though viewing a file of infinite length. This has caused a modem
> connection to drop using MSIE, and slowed a Linux system using lynx to a
> crawl due to exhaustion of memory. Both processes were aborted before any
> further damage was caused.

There are a pile of others

<IMG src="telnet://localhost:19/"> and the like as well as direct tty
access bugs <A href="file:/dev/tty">Click here to lock up lynx</A>

> The CHARGEN service has other security implications and should be turned
> off in normal system operation.

Indeed.

Lynx ought to have a sanity limit on page sizes and also on opening device
files

;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;