[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LYNX-DEV Re: ...vulnerability in Lynx...
From: |
Jonathan Sergent |
Subject: |
Re: LYNX-DEV Re: ...vulnerability in Lynx... |
Date: |
Thu, 08 May 1997 18:04:29 EST |
] CERT advisories do not _have to_ have, in their section titled
]
] III. Solution,
]
] "Upgrade to the latest release. [...]"
]
] They could just as well make people aware of the mechanism already
] existing in all Lynx version (AFAIK)
Not.
grep for TEMP_SPACE in CHANGES*, and notice that the first release which
has this is v2.5. Fote added it to the the code for non-version 2.4FM
on 1995-10-18.
10-18-95
* Added "LYNX_TEMP_SPACE" environment variable (Unix) or VMS logical,
which if present at run time will be used instead of the the TEMP_SPACE
There are lots of sites running 2.4.2 (or worse) which have only the
userdefs.h provision.
] for setting a directory for temp
] files, give some detailed instructions on how to set LYNX_TEMP_SPACE
] (possibly in a wrapper script) and use "sticky", and save them from
] feeling they have to install a new version.
] (No, I have no idea how to "make them say" anything.)
Here's what people should do:
Upgrade to the Lynx 2.7.2 as soon as possible, since it has
sensible checking for temporary file creation.
If they are using Lynx version 2.5 or newer, they should set
$LYNX_TEMP_SPACE to $HOME.
If they are using Lynx 2-4FM newer than 1995-10-18, they can use this
workaround, but they're better advised not to run such an oddball
version.
If they are using any Lynx source which was released before 1995-10-18,
they need to recompile Lynx in order to change the temp_space setting,
and they ought to upgrade to 2.7.2 while they're at it.
This can probably be reworded to be clearer.
If nobody else is going to be forthcoming with a source patch, then I
will have time to work on trying to implement this next week; I have
a few ideas but I don't know if they're implementable.
--jss.
;
; To UNSUBSCRIBE: Send a mail message to address@hidden
; with "unsubscribe lynx-dev" (without the
; quotation marks) on a line by itself.
;
- Re: LYNX-DEV Re: ...vulnerability in Lynx..., (continued)
Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)], Foteos Macrides, 1997/05/07
Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)], Brian Tillman, x8425, 1997/05/08
Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)], Scott McGee (Personal), 1997/05/08
Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)], Larry W. Virden, x2487, 1997/05/08
Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)], Hynek Med, 1997/05/09