[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)]

From: Jim Spath (Webmaster Jim)
Subject: Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)]
Date: Thu, 8 May 1997 06:04:29 -0400 (EDT)

On Wed, 7 May 1997, Hynek Med wrote:
> On Tue, 6 May 1997, Klaus Weide wrote:
> > On Tue, 6 May 1997, Henri Torgemane wrote:
> ...
> Well, it surely works, but I think this should be done from within lynx.
> Lynx should have a function for creating temporary files, that should:

> a) create the file with 600 pemissions anyway, to guarantee privacy

> b) pick a very random name for the file
Just adding 3 digits/letters to the filename would create a couple
hundred thousand choices to the tmp file name.  Sysadmins would
notice this, eh?

> c) check if the file about to be created isn't already a symlink/hardlink
If it exists, use a different name.

> d) optionally do all this in a subdirectory with 700 permissions as your
> script suggests
No, please, thank you. See my prior message.

Marvin the Paranoid Android says:
It's no wonder I'm so depressed really is it?

; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]