lynx-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev Lynx 2.8.3 with nmh problems


From: T.E.Dickey
Subject: Re: lynx-dev Lynx 2.8.3 with nmh problems
Date: Tue, 9 May 100 14:27:30 -0400 (EDT)

> Which of the following statements are true? 
neither.  you're leaving out something
  
> The code for creating the temporary directory does not increase security 
> in any way, if the TMPDIR or LYNX_TEMP_SPACE is pointing to a safe user- 
> private directory. 

in this case, the temporary directory is not created
  
> The code for creating the temporary directory does not increase security 
> in any way, if the t-bit prevents renaming of non-writable files. 

a malicious user can (in theory ;-) create a symbolic link in $TMPDIR
to point to an arbitrary file irregardless of the t-bit (and how well
implemented it is).
  
> If both are true, then I want to compile lynx such that it never 
> creates a temporary directory on this system.  If both are not true, 
> then I have misunderstood you so far, and ask for more explanation. 
>  
>    Klaus 
>  
>  
> ; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden 


-- 
Thomas E. Dickey  <address@hidden>
http://dickey.his.com
ftp://dickey.his.com

; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]