[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev Re: who owns what

From: Philip Webb
Subject: Re: lynx-dev Re: who owns what
Date: Sat, 10 Oct 1998 09:37:33 -0400 (EDT)

981009 Thomas Dickey commented on Philip Webb's discovery:
>> it's a link to a link. 
> that's what I guessed it would be.  I'll work on it in the morning

thanx: i hope my vigorous debate with BL (smile) hasn't dented you.

981009 Leonid Pauzner commented on the debate:
>>> how can the Enemy place a link in  ~/purslow ?  i own it.
>>> maybe in  /tmp , if the link is to a file under  ~/purslow ,
>>> but that's never going to be the case with  .lynxrc .
>> Enemy can't; the problem is that Lynx is using the same function
>> to check the safety of writing the .lynxrc as for writing a temp file.
>> However, when you disable ther checking code you are also disabling it
>> for times when Lynx *is* trying to write to /tmp .
> Probably we need a different routines for opening /tmp files
> and for bookmark/cookies/.lynxrc files,
> which usually in home dir, we can also check it explicitely for ~

precisely!  Lynx should ask: "Are we trying to write in/below  $HOME ?"
if yes -- for bookmark/cookie/lynxrc -- , avoid the security routine;
otherwise, go into security routine, but maybe allow for linx-to-linx.

SUPPORT     ___________//___,  Philip Webb : address@hidden
ELECTRIC   /] [] [] [] [] []|  Centre for Urban & Community Studies
TRANSIT    `-O----------O---'  University of Toronto

reply via email to

[Prev in Thread] Current Thread [Next in Thread]