lynx-dev

Re: lynx-dev Re: A vulnerability in Lynx (all versions) <bug 004352> [BS


From: T.E.Dickey
Subject: Re: lynx-dev Re: A vulnerability in Lynx (all versions) <bug 004352> [BSDI-Support-Request #41289]
Date: Wed, 1 Jul 1998 09:33:36 -0400 (EDT)

> 
> 980701 Thomas Dickey wrote:
> > 980630 Philip Webb wrote:
> >> AFAIK this was corrected in 2-7-2 & 2-8 
> > not exactly - 2.7.2 and 2.8 have a not-very-good fix. 
>  
> like, a how-far-not-very-good fix? 
> do you mean a fix which reliably avoids the race condition, 
> but at the expense of clumsy code & poor maintainability, 
> or a fix which works most of the time as far as anyone knows for now ... ? 
No.  It doesn't avoid the race condition at all.  It simply follows the
code that opens the file with a call to make it unreadable.
  
> > I have a generic fix in the development version, which can be improved 
> > (unless you're logged in as root, the generic fix works just fine, 
> > but there's the special cases as usual). 
>  
> why-on-earth would  root  have to worry?  s/he can do anything anyway ... 
The code that I used would behave differently if root is running (so that
opens up a hole).  Someone told me about it; will fix when I get there.
I have also to check/see whether Lynx should cache temporary filenames
for reuse (doesn't seem needed, but would take work to disentangle).
  
> > The issue of a 'race condition' refers to the fact 
> > that one could easily devise a program that predicts 
> > the next temporary-filename that 2.7.2 would use (2.8 has the same code) 
> > and create a spoof filename that's linked to another location. 
>   
> so it is the same much-debated problem, 
> to which -- among other people -- FM offered 2-7-2 as a solution, 
> which was incorporated in 2-8. 
>  
> should users be concerned as of 980701 ? 
not ordinary users - the dev.17 (or whatever) version works for them.
 
-- 
Thomas E. Dickey
address@hidden
http://www.clark.net/pub/dickey
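The thread contrasts two things: a fix that merely chmods the temporary file after opening it (which, as Dickey says, does nothing about the race), and a proper fix that creates the file atomically so a pre-placed symlink at a predictable name cannot redirect the write. The following C program is an added illustration and is not Lynx code or Dickey's patch. It assumes Linux with glibc; the scratch directory under /tmp, the file names, and the symlink placed at the "predictable" name are all constructed for the demo and stay inside that private directory.

```c
/* Added example (not Lynx code): the temp-file race discussed in the thread.
 * Builds against glibc on Linux; the scratch directory, file names and the
 * symlink placed at the "predictable" name are constructed for the demo. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct demo_result {
    int hardened_refused;   /* 1 if O_CREAT|O_EXCL refused the symlinked name */
    int weak_followed;      /* 1 if the chmod-after-open pattern wrote through it */
    int mkstemp_mode;       /* permission bits of the file mkstemp created */
};

/* The pattern the thread calls "not very good": open a name that is easy to
 * predict, then tighten permissions afterwards. If a symlink already sits at
 * that name, O_CREAT without O_EXCL follows it; the fchmod comes too late. */
static int open_predictable_then_chmod(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd >= 0)
        fchmod(fd, 0600);
    return fd;
}

/* Hardened form: O_EXCL makes creation atomic and fails if anything,
 * including a symlink, already exists at the path; the 0600 mode applies
 * at creation, so there is no window in which the file is world-readable. */
static int open_temp_excl(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

struct demo_result run_temp_file_demo(void)
{
    struct demo_result r = {0, 0, -1};
    char dir[] = "/tmp/tmpdemoXXXXXX";          /* private scratch directory */
    char link_path[PATH_MAX], target[PATH_MAX], tmpl[PATH_MAX];

    if (mkdtemp(dir) == NULL)
        return r;
    snprintf(link_path, sizeof link_path, "%s/predictable.tmp", dir);
    snprintf(target, sizeof target, "%s/elsewhere", dir);
    snprintf(tmpl, sizeof tmpl, "%s/safeXXXXXX", dir);

    /* Test condition: a symlink already occupies the predictable name and
     * points somewhere else (kept inside the scratch directory here). */
    if (symlink(target, link_path) == 0) {
        int fd = open_temp_excl(link_path);
        r.hardened_refused = (fd < 0 && errno == EEXIST);
        if (fd >= 0)
            close(fd);

        fd = open_predictable_then_chmod(link_path);
        if (fd >= 0) {
            close(fd);
            /* The open went through the link: a file now exists at target. */
            r.weak_followed = (access(target, F_OK) == 0);
            unlink(target);
        }
        unlink(link_path);
    }

    /* Preferred: let mkstemp pick an unpredictable name and create it with
     * O_EXCL and mode 0600 in one step. */
    int fd = mkstemp(tmpl);
    if (fd >= 0) {
        struct stat st;
        if (fstat(fd, &st) == 0)
            r.mkstemp_mode = (int)(st.st_mode & 0777);
        close(fd);
        unlink(tmpl);
    }
    rmdir(dir);
    return r;
}

int main(void)
{
    struct demo_result r = run_temp_file_demo();
    printf("O_EXCL refused the symlinked name: %d\n", r.hardened_refused);
    printf("chmod-after-open wrote through the symlink: %d\n", r.weak_followed);
    printf("mkstemp created its file with mode %04o\n", r.mkstemp_mode);
    return 0;
}
```

The point to take from the demo is the one Dickey makes: permissions applied after the open cannot undo where the open already went, so the only fix is to refuse an existing path at creation time (O_EXCL, which mkstemp uses internally) and, ideally, to stop using names that can be predicted at all.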
