Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)]
From: Alan Cox
Subject: Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)]
Date: Wed, 7 May 1997 16:40:30 +0100 (BST)
> Yes, but a hard to win race, and provided the filename is really random
> it's almost impossible. (Please correct me if I'm wrong.)
Oh it's not that hard. One thing computers are very good at is trying
the same thing again and again.
> 1. use TEMP space in the HOME directory, which is bad when you have
> a low quota on $HOME
> 2. use mkstemp(), which is not on all systems
> 3. use the algorithm I have described, which is rather complex and has a
> (IMHO theoretical) race condition
Practical. Folks have exploited it.
> It looks that #1 is most secure and very easy to implement.
Or #2 with #1 if mkstemp() is not available?
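
The combination discussed above (mkstemp() where it exists, a private directory under $HOME otherwise), sketched in C as an added example; it is not code from this message or from the Lynx source. The function names, the `lynxXXXXXX` template and the `.lynx-tmp` directory name are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Option #2: mkstemp() chooses the name and creates the file in one step
 * (exclusive create, mode 0600), so a name planted by someone else makes
 * that attempt fail instead of being opened. */
int temp_via_mkstemp(char *path, size_t len, const char *dir)
{
    int n = snprintf(path, len, "%s/lynxXXXXXX", dir);
    return (n < 0 || (size_t)n >= len) ? -1 : mkstemp(path);
}

/* Option #1 as the fallback: a directory under $HOME that only the owner
 * can write to (".lynx-tmp" is a hypothetical name). O_CREAT|O_EXCL fails
 * with EEXIST on an existing name, symlinks included, without following. */
int temp_via_private_dir(char *path, size_t len, const char *home)
{
    char dir[512];
    struct stat st;
    int i, fd, n = snprintf(dir, sizeof dir, "%s/.lynx-tmp", home);
    if (n < 0 || (size_t)n >= sizeof dir) return -1;
    if (mkdir(dir, 0700) != 0 && errno != EEXIST) return -1;
    /* Refuse a symlink, someone else's directory, or group/other access. */
    if (lstat(dir, &st) != 0 || !S_ISDIR(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & 077) != 0) return -1;
    for (i = 0; i < 100; i++) {
        n = snprintf(path, len, "%s/L%ld-%d.tmp", dir, (long)getpid(), i);
        if (n < 0 || (size_t)n >= len) return -1;
        fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
        if (fd >= 0 || errno != EEXIST) return fd;
    }
    return -1;
}

int main(void)
{
    char path[600];
    const char *home = getenv("HOME");
    int fd = home ? temp_via_private_dir(path, sizeof path, home) : -1;
    if (fd < 0) { perror("temp file"); return 1; }
    printf("created %s\n", path);
    close(fd);
    return unlink(path);
}
```

The fallback's file names are predictable on purpose: inside a mode-0700 directory owned by the user nobody else can plant a name, and the exclusive create covers the case where one exists anyway.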