Re: LYNX-DEV fotemods.zip update

lynx-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LYNX-DEV fotemods.zip update

From:	Foteos Macrides
Subject:	Re: LYNX-DEV fotemods.zip update
Date:	Wed, 21 May 1997 11:09:06 -0500 (EST)

address@hidden (Rick Mallett) wrote:
>Foteos Macrides writes:
>> 
>>      An update of fotemods.zip is available in:
>> 
>>      http://www.slcc.edu/lynx/fote/patches/
>> 
>> 1997-05-20
>> * Tweak of HTFWriter.c so that it does the anti-spoof tests normally
>>   done by tempname() (see the 1997-05-19 mods) in all cases for which
>
>It looks like the tweak missed the missed the deadline for the release. :)
>
>i.e. fotemods.zip doesn't contain HTFWriter.c. However, LYUtils.c does
>     contain some new code dealing with temp files. 

        I just checked and the 1997-05-20 HTFWriter.c is in the zip.
It's the one in src.  The one in WWW/Library/Implementation isn't
used.  We probably should get rid of it, as we did the libwww's
vanilla HTML.c, but then you'd have to change the libwww makefiles
(sounds like a job for the autoconf'ers :).

        It's dealing with the situation in which it's changing
the suffix of the temporary file name retured by tempname() to
one based on the object's Content-Type or Content-Encoding and
suitable for the helper app which will handle the temporary
file.

        Note that it seeks to block use of links aimed at security
breaches, or mischief that doesn't necessarily succeed in breaching
security, e.g, to modify or trash an .rhost file.

        As far as "privacy" issues associated with the Unix /tmp
design are concerned, even systems which now have the "sticky bit"
feature typically don't use it.  I've yet to get on a Unix system
in which I couldn't read any file in the /tmp tree, and there was
no need for spoofing via links to do it. :) :)

                                Fote

=========================================================================
 Foteos Macrides            Worcester Foundation for Biomedical Research
 address@hidden         222 Maple Avenue, Shrewsbury, MA 01545
=========================================================================
;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;

[Prev in Thread]

Current Thread

[Next in Thread]

LYNX-DEV fotemods.zip update, (continued)
- LYNX-DEV fotemods.zip update, Foteos Macrides, 1997/05/12
- LYNX-DEV fotemods.zip update, Foteos Macrides, 1997/05/13
- LYNX-DEV fotemods.zip update, Foteos Macrides, 1997/05/17
- LYNX-DEV fotemods.zip update, Foteos Macrides, 1997/05/18
- LYNX-DEV fotemods.zip update, Foteos Macrides, 1997/05/19
- LYNX-DEV fotemods.zip update, Foteos Macrides, 1997/05/20
  - Re: LYNX-DEV fotemods.zip update, Hiram Lester, Jr., 1997/05/20
  - Re: LYNX-DEV fotemods.zip update, Rick Mallett, 1997/05/21
- Re: LYNX-DEV fotemods.zip update, Foteos Macrides, 1997/05/20
  - Re: LYNX-DEV fotemods.zip update, Hiram Lester, Jr., 1997/05/21
- Re: LYNX-DEV fotemods.zip update, Foteos Macrides <=
  - Re: LYNX-DEV fotemods.zip update, Rick Mallett, 1997/05/21
  - Re: LYNX-DEV fotemods.zip update, Greg Marr, 1997/05/21
- LYNX-DEV fotemods.zip update, Foteos Macrides, 1997/05/21
- Re: LYNX-DEV fotemods.zip update, Foteos Macrides, 1997/05/21
- Re: LYNX-DEV fotemods.zip update, John E. Davis, 1997/05/21
- Re: LYNX-DEV fotemods.zip update, Nelson Henry Eric, 1997/05/21
- LYNX-DEV fotemods.zip update, Foteos Macrides, 1997/05/25
- LYNX-DEV fotemods.zip update, Foteos Macrides, 1997/05/26
  - Re: LYNX-DEV fotemods.zip update, Hiram Lester, Jr., 1997/05/28
- LYNX-DEV fotemods.zip update, Foteos Macrides, 1997/05/27

Prev by Date: Re: LYNX-DEV compiling the developmental version on HP
Next by Date: LYNX-DEV doslynx -Reply
Previous by thread: Re: LYNX-DEV fotemods.zip update
Next by thread: Re: LYNX-DEV fotemods.zip update
Index(es):
- Date
- Thread