Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)]
From: Foteos Macrides
Subject: Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)]
Date: Wed, 07 May 1997 18:11:12 -0500 (EST)
"Brian Tillman, x8425" <address@hidden> wrote:
>>When a lynx user D)ownloads a
>>file, a temporary file with a predictable name is created to store the file
>>until it is completely downloaded. The file is /tmp/L*0TMP.html (the
>>extension is .html regardless of actual file type). * is the PID of Lynx,
>>and 0 is the download number (the second download would have number 1, and
>>so on). Lynx doesn't check for previous existence of this file, and *will*
>>write to symlinks. Any local user can create a symbolic link (or hard link,
>>for that matter) with this predictable name to one of the Lynx user's files,
>>and when this user D)ownloads something, his file will be overwritten by
>>whatever he was downloading.
>
>Not true with _all_ versions of Lynx. The VMS version will simply create a
>new version of the file and delete it, if a previous version exists.
>Moreover, links to files just don't exist in VMS the same way as in Unix.
>The author of this "information" should get his facts straight before making
>blanket statements.
VMS has a SET FILE aliasing command which, if you are not careful,
could yield security risks like those for Unix links, though not as readily
or extensively. For example, if your site is using an http server with
~user support, instead of actually creating a public_html (or whatever
is the designated name for it) subdirectory off your account's login
directory, you could alias it to another account's login directory, and
potentially access anything in that account via the http server as if
it were accessing your public WWW data tree. Needless to say, when
I was active in development of the CERN server, I made sure there were
protections against that, and the OSU DECthreads server has equivalent
protections. I don't know about the commercial http servers for VMS,
but they probably incorporated the protections too.
The VMS versioning of files is wonderful (and I go bananas trying
to do any substantive development on Unix without it), but does not offer
security as you seem to think.
The security lies in using a native sys$scratch logical, controlled
at the SYSTEM (homolog of the Unix root) level, and modifiable at the user
level only in conjunction with successful, passworded logins. That
logical defaults to sys$login (homolog of the Unix $HOME) if it was not
defined to a common, secure temporary storage area. If security was
breached sufficiently to monkey with that, how Lynx handles temporary files
would be the least of a site's or user's problems. You do, however,
need to set appropriate protections for your login.com, and personal
lynx.cfg if you use one, so other users on the system can't monkey
around with that.
I don't know if the full equivalent of VMS's native sys$scratch
security can be emulated in the manner being discussed in this thread,
but it's heading in the direction of emulating that for Unix.
Fote
=========================================================================
Foteos Macrides Worcester Foundation for Biomedical Research
address@hidden 222 Maple Avenue, Shrewsbury, MA 01545
=========================================================================
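The quoted advisory describes a classic predictable-name symlink attack: Lynx opened /tmp/L<pid>0TMP.html with create-or-truncate semantics, so a link planted at that name by another local user redirected the write to a file of the victim's. The following is an added example, written for this archive page and not code from Lynx or from any poster in the thread. It builds the same style of name, reproduces the clobber with an unsafe open, and then shows the two Unix-side fixes implied by the discussion: a private 0700 scratch directory (the closest Unix analogue to a SYSTEM-controlled sys$scratch) and an open that uses O_CREAT|O_EXCL|O_NOFOLLOW so a pre-existing entry or symlink is refused instead of followed. The directory template, function names and the victim/attacker file names are assumptions chosen for the demonstration.

```c
#define _GNU_SOURCE          /* for O_NOFOLLOW and mkdtemp on glibc */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Build the 1997-style predictable name "L<pid><n>TMP.html" inside dir. */
int predictable_tmp_name(char *buf, size_t len, const char *dir, int download_no)
{
    int n = snprintf(buf, len, "%s/L%ld%dTMP.html", dir, (long)getpid(), download_no);
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

/* The pattern the advisory describes: create or truncate, links followed. */
int unsafe_tmp_open(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened open: fail if anything already exists at path, never follow a link.
   O_CREAT|O_EXCL alone already fails on a symlink (even a dangling one);
   O_NOFOLLOW is belt-and-braces. */
int safe_tmp_open(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Create a private (mode 0700) scratch directory; caller passes a buffer of
   at least 64 bytes. Tries /tmp first, then the current directory. */
int make_private_scratch(char *dir, size_t len)
{
    if (snprintf(dir, len, "/tmp/lynxdemoXXXXXX") >= (int)len) return -1;
    if (mkdtemp(dir)) return 0;
    if (snprintf(dir, len, "./lynxdemoXXXXXX") >= (int)len) return -1;
    return mkdtemp(dir) ? 0 : -1;
}

static int file_has_content(const char *path, const char *expected)
{
    char buf[64] = {0};
    int fd = open(path, O_RDONLY);
    if (fd < 0) return 0;
    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    return n >= 0 && strcmp(buf, expected) == 0;
}

/* Constructed scenario: a victim file and an attacker-planted symlink at the
   predictable download name. Returns a bitmask:
     bit 0: the unsafe open followed the link and overwrote the victim's file
     bit 1: the hardened open refused the planted link (EEXIST or ELOOP) */
int run_symlink_demo(const char *scratch)
{
    char victim[256], tmpname[256];
    int result = 0, fd;

    snprintf(victim, sizeof victim, "%s/victim.txt", scratch);
    if (predictable_tmp_name(tmpname, sizeof tmpname, scratch, 0) != 0) return -1;

    /* victim's private file with known contents */
    fd = open(victim, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0 || write(fd, "secret", 6) != 6) return -1;
    close(fd);

    /* attacker plants a link at the name Lynx is about to use */
    unlink(tmpname);
    if (symlink(victim, tmpname) != 0) return -1;

    /* the D)ownload starts: the unsafe open writes through the link */
    fd = unsafe_tmp_open(tmpname);
    if (fd >= 0) {
        if (write(fd, "download", 8) != 8) { close(fd); return -1; }
        close(fd);
    }
    if (file_has_content(victim, "download")) result |= 1;

    /* same planted name, hardened open: must refuse rather than follow */
    errno = 0;
    fd = safe_tmp_open(tmpname);
    if (fd < 0 && (errno == EEXIST || errno == ELOOP)) result |= 2;
    else if (fd >= 0) close(fd);

    unlink(tmpname);
    unlink(victim);
    return result;
}

int main(void)
{
    char dir[64];
    if (make_private_scratch(dir, sizeof dir) != 0) return 1;
    int r = run_symlink_demo(dir);
    printf("victim clobbered by unsafe open: %d\nhardened open refused link: %d\n",
           r & 1, (r >> 1) & 1);
    rmdir(dir);
    return r == 3 ? 0 : 1;
}
```

Note that the private directory only removes the attacker's ability to plant the link in the first place; the O_EXCL open is what turns a successful plant into a refused open instead of an overwrite, so a downloader wants both. mkstemp(3) gives the same O_CREAT|O_EXCL behaviour plus an unpredictable name, and is the usual replacement for a hand-built "L<pid>0TMP" scheme.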