[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev Re: A vulnerability in Lynx (all versions) <bug 004352> [BS
|
From: |
Larry W. Virden, x2487 |
|
Subject: |
Re: lynx-dev Re: A vulnerability in Lynx (all versions) <bug 004352> [BSDI-Support-Request #41289] |
|
Date: |
Wed, 1 Jul 1998 10:10:16 -0400 |
From: Philip Webb <address@hidden>
>> I have a generic fix in the development version, which can be improved
>> (unless you're logged in as root, the generic fix works just fine,
>> but there's the special cases as usual).
>
>why-on-earth would root have to worry? s/he can do anything anyway ...
>
>> The issue of a 'race condition' refers to the fact
>> that one could easily devise a program that predicts
>> the next temporary-filename that 2.7.2 would use (2.8 has the same code)
>> and create a spoof filename that's linked to another location.
The reason root has to worry is in case someone not root uses the race
condition to insert something into root's processing of which s/he is unaware.
--
Larry W. Virden INET: address@hidden
<URL:http://www.teraform.com/%7Elvirden/> <*> O- "We are all Kosh."
Unless explicitly stated to the contrary, nothing in this posting should
be construed as representing my employer's opinions.