Re: LYNX-DEV Alleged Lynx security emergency


From: Larry W. Virden, x2487
Subject: Re: LYNX-DEV Alleged Lynx security emergency
Date: Tue, 1 Jul 1997 08:15:21 -0400

> I assumed that the bug if there is one is in the cp program.

Sorry, but that's not the case.

> What I'd like to know, is why this happens.  Why and how is a
> shell created in the first place?  On the anonymous account I

The only way to have a fairly certain chance of getting the helper applications
to run for downloading, printing, uploading (are there some other places
folk?) is to feed the lynx.cfg defined strings to a command like
system().  Once that is done, any security hole that might be possible
from these commands now applies to the lynx environment.

However, the problem that was reported from CERT is that one could
access such a security hole from the G)oto subcommand within lynx.
For whatever reason, one could type something like
LYNXDOWNLOAD://Method=-1/File=;/bin/sh;/SugFile=/dev/stdin,

to goto as a URL and lynx would process it.
-- 
Larry W. Virden                 INET: address@hidden
<URL:http://www.teraform.com/%7Elvirden/> <*> O- "We are all Kosh."
Unless explicitly stated to the contrary, nothing in this posting should 
be construed as representing my employer's opinions.
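An added illustration, not Lynx's own code, of the distinction this message draws: a lynx.cfg command string handed to system() re-parses whatever file name was spliced into it, whereas running the helper through execvp() with a separate argv leaves the name as plain data. The function names and the metacharacter set are this example's own assumptions.

```c
/* Added example, not Lynx's own code.  Contrasts a system()-style command
 * with the file name spliced in (the pattern described above) against
 * running the helper via execvp() and a separate argv, where the file name
 * can only ever be an argument.  Function names are hypothetical. */
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Characters a shell treats as syntax; any of them inside a file name that
 * is interpolated into a system() string changes the command's meaning. */
static const char SHELL_META[] = ";|&`$<>()\"'\\ \t\n";

/* 1 if the name would be re-parsed by the shell, 0 if it is plain text. */
int has_shell_metachar(const char *name)
{
    return strpbrk(name, SHELL_META) != NULL;
}

/* Run helper with the file name as argv[1], never through a shell.
 * Returns the helper's exit status, or -1 on fork/wait failure
 * (127 if exec itself failed in the child). */
int run_helper_argv(const char *helper, const char *file)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *argv[] = { (char *)helper, (char *)file, NULL };
        execvp(helper, argv);
        _exit(127);                  /* exec failed in the child */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Policy a downloader could apply before any system()-based path is
 * reached: reject empty names, option-looking names and shell syntax. */
int download_name_ok(const char *name)
{
    return name[0] != '\0' && name[0] != '-' && !has_shell_metachar(name);
}

int main(void)
{
    const char *injected = ";/bin/sh;";      /* the shape quoted above */
    /* As an argv element it is inert: true exits 0 and no shell runs. */
    return run_helper_argv("true", injected) == 0
        && !download_name_ok(injected) && download_name_ok("page.html") ? 0 : 1;
}
```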
