Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd)


From: Wayne Buttles
Subject: Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd)
Date: Fri, 27 Jun 1997 08:30:34 -0400 (EDT)

On Thu, 26 Jun 1997, Foteos Macrides wrote:

> >The second point of concern is the footnote regarding the gaining of root
> >access even though lynx was launched setuid to a different user.  We aren't
> >sure how the service is launched at the site, but given other comments, we
> >thought you'd be interested to see the experiences of some other folks.
> 
>       How bad it is seems to be Unix flavor dependent, but in general
> cp appears to be the culprit, with poor error recovery.

I missed any mention of an anonymous lynx account giving out root shells.
Does anyone have a copy of that note they can send me?

I didn't think cp had anything to do with the error...it just happened to
be in the wrong place at the wrong time.  'cp foo ; /bin/sh' does in
fact mean you want to screw up the cp command and then start a shell. 

Wayne
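
The parsing behaviour discussed in this message, as an added example (not part of the original post and not Lynx's code): when a name is pasted into a command string that a shell then parses, `;` ends the `cp` command and starts another, whereas passing the name as a single argument keeps it a file name. The function names, the constructed file name and the harmless `echo` standing in for the second command are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed input: a file name containing ';'. A harmless echo stands in
# for the second command; all names here are hypothetical.
NAME='foo ; echo SECOND_COMMAND_RAN'

# Unsafe pattern: paste the name into a command string and give it to a shell
# (what system() does). The shell splits at ';' before cp ever runs.
copy_via_shell_string() {   # $1 = working dir, $2 = untrusted name
    ( cd "$1" && sh -c "cp $2 copy" 2>/dev/null ) || true
}

# Safer pattern: the name stays one argument and no shell re-parses it.
# "--" stops a leading '-' from being read as an option.
copy_as_argument() {        # $1 = working dir, $2 = untrusted name
    ( cd "$1" && cp -- "$2" copy 2>/dev/null ) || true
}

demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/$NAME"                      # a real file with the odd name
    printf 'shell string printed: [%s]\n' "$(copy_via_shell_string "$dir" "$NAME")"
    printf 'copy created: %s\n' "$( [ -f "$dir/copy" ] && echo yes || echo no )"
    printf 'argument printed:     [%s]\n' "$(copy_as_argument "$dir" "$NAME")"
    printf 'copy created: %s\n' "$( [ -f "$dir/copy" ] && echo yes || echo no )"
    rm -rf "$dir"
}
demo
```

In the first call `cp` fails for lack of a destination and the text after `;` runs as its own command; in the second the file with the odd name is copied and nothing else runs.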
