[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)]
From: |
Brian Tillman, x8425 |
Subject: |
RE: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)] |
Date: |
Wed, 07 May 1997 09:38:16 EDT |
>When a lynx user D)ownloads a
>file, a temporary file with a predictable name is created to store the file
>until it is completely downloaded. The file is /tmp/L*0TMP.html (the
>extension is .html regardless of actual file type). * is the PID of Lynx,
>and 0 is the download number (the second download would have number 1, and
>so on). Lynx doesn't check for previous existence of this file, and *will*
>write to symlinks. Any local user can create a symbolic link (or hard link,
>for that matter) with this predictable name to one of the Lynx user's files,
>and when this user D)ownloads something, his file will be overwritten by
>whatever he was downloading.
Not true with _all_ versions of Lynx. The VMS version will simply create a new
version of the file and delete it, if a previous version exists. Moreover,
links to files just don't exist in VMS the same way as in Unix. The author of
this "information" should get his facts straight before making blanket
statements.
--
Brian Tillman Internet: tillman_brian at si.com
Smiths Industries, Inc. tillman at swdev.si.com
4141 Eastern Ave., MS239 Addresses modified to prevent
Grand Rapids, MI 49518-8727 SPAM. Replace "at" with "@"
This opinion doesn't represent that of my company
;
; To UNSUBSCRIBE: Send a mail message to address@hidden
; with "unsubscribe lynx-dev" (without the
; quotation marks) on a line by itself.
;
Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)], Benjamin C. W. Sittler, 1997/05/07
Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)], Alan Cox, 1997/05/07
RE: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)],
Brian Tillman, x8425 <=
Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)], Scott McGee (Personal), 1997/05/07
- Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)], Larry W. Virden, x2487, 1997/05/07
- LYNX-DEV Re: ...vulnerability in Lynx..., Klaus Weide, 1997/05/07
- Re: LYNX-DEV Re: ...vulnerability in Lynx..., Alan Cox, 1997/05/08
- Re: LYNX-DEV Re: ...vulnerability in Lynx..., Jim Spath (Webmaster Jim), 1997/05/08
- Re: LYNX-DEV Re: ...vulnerability in Lynx..., Alan Cox, 1997/05/08
- Re: LYNX-DEV Re: ...vulnerability in Lynx..., Jim Spath (Webmaster Jim), 1997/05/08
- Re: LYNX-DEV Re: ...vulnerability in Lynx..., Jonathan Sergent, 1997/05/08
- Re: LYNX-DEV Re: ...vulnerability in Lynx..., Alan Cox, 1997/05/08
Re: LYNX-DEV Re: ...vulnerability in Lynx..., Matthew Kelly, 1997/05/08