Re: LYNX-DEV Re: ...vulnerability in Lynx...

[Alan Cox]

> If a system is set up with a "sticky" temp directory, and lynx creates a
> subdirectory there with resonable permissions, can it use the current method
> of creating temp files without becoming a tool for hackers to compromise
> security?

If the subdirectory is created mode 0700 then yes except on older HP's,
and that is well known anyway

> In this case, despite all the other issues, making lynx use a safe subdir
> on a system with a safe tempfile is a good fix. Further modification to
> Lynx to improve saftey on such systems, or on systems without a safe temp
> dir are seperate issues that don't have to be dealt with.

Well it doesnt matter if the same directory is /tmp/lynx-$USER$PID or
~user/.lynx as a configuration you get both out of the fix


;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;