Re: lynx-dev rc save bug

From: Philip Webb
Subject: Re: lynx-dev rc save bug
Date: Fri, 9 Oct 1998 08:56:56 -0400 (EDT)

[ we should try to keep `subjects' separate, but i'll reply here for now:
there's another more technical reply under `who owns what' ]

981009 Bela Lubkin wrote: 
> If the security hole exists -- and that is debatable, depending on
> specific details of how your operating system is implemented and how the
> system is configured -- then any user on the system could *take over*
> your account any time you run Lynx.  They could then delete all your
> files, or make subtle changes in your important report, or send out
> 10000 sexually offensive spams under your name.

well, what i don't see is how LYNX can be the problem here.
there was a problem for non-sticky  /tmp  directories,
which is still a case of protecting vs incompetent site managers,
but possibly justified in the big bad World.
there's no other problem unless the sysadmin really screws up.

> If you don't think that's a problem, fine.
> Every user on your system is a perfect saint.
> it does seem to be true that truly malicious users are rare.
> Unfortunately, rare != nonexistent.  You wear a seatbelt
> even though you haven't had an accident in your last 5000 drives.
> You probably have health insurance even if you haven't had a cold in 20 yrs.

everyone in Canada & other civilised countries has state health insurance.

> You lock your door even if you live in a good neighborhood.

it's a question of probability of the event happening
& degree of damage if it does: in this case, the probability is very tiny
-- it's much more likely the shoe-string will break & CHASS will close -- ,
& the damage reparable, even if troublesome.

SUPPORT     ___________//___,  Philip Webb : address@hidden
ELECTRIC   /] [] [] [] [] []|  Centre for Urban & Community Studies
TRANSIT    `-O----------O---'  University of Toronto

