lynx-dev
From: David Woolley
Subject: Re: lynx-dev brief look at lynx-2.8-4 RPM (and 2.8.1 tarball) for security
Date: Fri, 18 Dec 1998 08:21:35 +0000 (GMT)

> 
> lynx-dev readers: programs commonly used under Linux are getting looked
> at for their security properties.  Lynx is mainly of interest because of
> remotely-controlled input, but I've started on the more visible coding
> matters such as race conditions, buffer overflows and use of the shell.

Your main problem here is that there isn't enough programming effort
available to track all the latest abuses of HTML, and most users
are more concerned about being able to access their web mail box
or bank account than security issues.  (If they were security
aware, they would be demanding that Lynx prevented core dumps as
soon as a password was entered++, rather than insisting that
clear text password equivalents be stored in persistent cookie
files.**)  Work on Lynx is way down my list of out of hours
programming jobs.

Also, most of the available effort is from people running single
user systems, who are not vulnerable to temp file race conditions
and environment variable trickery.

Both race conditions and buffer overruns have been discussed before
on the list.  It has been pointed out that sprintf is not
necessarily unsafe and snprintf is not necessarily safe, although
it is accepted that Lynx is probably somewhat weak in this area.

++ web site designers are also guilty by not using the authentication
mechanism built into the protocol, which means that the browser can't
reliably detect the entry of authentication data.

** It is also fairly clear that the demand for SSL support is to avoid
being locked out of sites, rather than for the security it gives.  There
have been a number of cases where people have seriously suggested
running an SSL link at the remote end of a dial in shell account!
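The message's point that sprintf is not necessarily unsafe and snprintf is not necessarily safe can be shown in a few lines of C. The following is an added example for this archive page, not code from the message or from the Lynx source; the build_cookie_* functions and the oversized cookie value are constructed for illustration. The unchecked snprintf caller never overruns its buffer but silently hands back a truncated string (a cookie or URL cut short is a correctness and sometimes a security bug of its own); the checked variant uses snprintf's return value to detect truncation; and the sprintf variant is safe because the destination is sized from the inputs before formatting.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* snprintf used carelessly: it never overruns 'out', but the caller reports
 * success even when the result was truncated, so a short buffer yields a
 * silently mangled "name=value" string. (Hypothetical helper.) */
int build_cookie_unchecked(char *out, size_t outsz,
                           const char *name, const char *value)
{
    snprintf(out, outsz, "%s=%s", name, value);
    return 0; /* truncation goes unnoticed */
}

/* Same formatting, but the return value is checked. snprintf returns the
 * length the full output would have had, so a value >= outsz means the
 * string was cut off; the buffer is cleared and -1 returned in that case. */
int build_cookie_checked(char *out, size_t outsz,
                         const char *name, const char *value)
{
    int n = snprintf(out, outsz, "%s=%s", name, value);
    if (n < 0 || (size_t)n >= outsz) {
        if (outsz)
            out[0] = '\0';
        return -1;
    }
    return n; /* number of characters written, excluding the NUL */
}

/* sprintf used safely: the destination is allocated from the measured
 * input lengths first, so the formatted output cannot exceed it.
 * Caller owns and frees the result. */
char *build_cookie_exact(const char *name, const char *value)
{
    size_t need = strlen(name) + 1 + strlen(value) + 1; /* '=' plus NUL */
    char *buf = malloc(need);
    if (!buf)
        return NULL;
    sprintf(buf, "%s=%s", name, value);
    return buf;
}

/* Runs the three variants on a constructed, deliberately oversized value
 * and returns 1 when each behaves as described above. */
int demo(void)
{
    char small[16];
    const char *name = "session";
    const char *value = "0123456789abcdef0123456789abcdef"; /* constructed */
    size_t full = strlen(name) + 1 + strlen(value);

    int truncated_silently =
        build_cookie_unchecked(small, sizeof small, name, value) == 0
        && strlen(small) < full;
    int detected = build_cookie_checked(small, sizeof small, name, value) < 0;

    char *exact = build_cookie_exact(name, value);
    int exact_ok = exact != NULL
        && strcmp(exact, "session=0123456789abcdef0123456789abcdef") == 0;
    free(exact);

    return truncated_silently && detected && exact_ok;
}

int main(void)
{
    printf("%s\n", demo() ? "behaviour as described" : "unexpected result");
    return 0;
}
```

The lesson for a code review of the kind the thread describes is that the function name alone says little: what matters is whether the destination size passed in is the real size of the buffer and whether truncation is detected, not whether the call is spelled sprintf or snprintf.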
