Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)]


From: Alan Cox
Subject: Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)]
Date: Wed, 7 May 1997 16:40:30 +0100 (BST)

> Yes, but a hard to win race, and provided the filename is really random
> it's almost impossible. (Please correct me if I'm wrong.) 

Oh it's not that hard. One thing computers are very good at is trying
the same thing again and again. 

> 1. use TEMP space in the HOME directory, which is bad when you have 
>    a low quota on $HOME
> 2. use mkstemp(), which is not on all systems
> 3. use the algorithm I have described, which is rather complex and has a
>    (IMHO theoretical) race condition

Practical. Folks have exploited it.

> It looks that #1 is most secure and very easy to implement.

Or #2 with #1 if mkstemp() is not available?
