Re: lynx-dev Re: A vulnerability in Lynx (all versions) <bug 004352> [BSDI-Support-Request #41289]
Wed, 1 Jul 1998 09:11:42 -0400 (EDT)
980701 Thomas Dickey wrote: 980630 Philip Webb wrote:
>> AFAIK this was corrected in 2-7-2 & 2-8
> not exactly - 2.7.2 and 2.8 have a not-very-good fix.
like, a how-far-not-very-good fix?
do you mean a fix which reliably avoids the race condition,
but at the expense of clumsy code & poor maintainability,
or a fix which works most of the time as far as anyone knows for now ... ?
> I have a generic fix in the development version, which can be improved
> (unless you're logged in as root, the generic fix works just fine,
> but there's the special cases as usual).
why-on-earth would root have to worry? s/he can do anything anyway ...
> The issue of a 'race condition' refers to the fact
> that one could easily devise a program that predicts
> the next temporary-filename that 2.7.2 would use (2.8 has the same code)
> and create a spoof filename that's linked to another location.
so it is the same much-debated problem,
to which -- among other people -- FM offered 2-7-2 as a solution,
which was incorporated in 2-8.
should users be concerned as of 980701 ?
SUPPORT ___________//___, Philip Webb : address@hidden
ELECTRIC /]     | Centre for Urban & Community Studies
TRANSIT `-O----------O---' University of Toronto
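The race described in the quoted text, seen from the defending side, as an added example that is not part of this message or of Lynx's source: an exclusive create refuses a name that already holds a symlink, and `mkstemp()` avoids predictable names altogether. The function names, the `/tmp` scratch paths and the file name `app1234-1.tmp` are constructed for the illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Atomic create: with O_CREAT|O_EXCL, open() fails with EEXIST if anything,
 * even a dangling symlink, already occupies the name; it never follows it. */
int open_temp_excl(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario inside a private scratch directory: a symlink sits at
 * the name the program will use next ("app1234-1.tmp", a made-up name) and
 * points at "victim". Returns 1 if the open was refused and victim was never
 * created, 0 otherwise, -1 on setup failure. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/tmpdemoXXXXXX";
    char guess[64], victim[64];
    struct stat st;
    int fd, refused;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(guess, sizeof guess, "%s/app1234-1.tmp", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    if (symlink(victim, guess) != 0) { rmdir(dir); return -1; }
    fd = open_temp_excl(guess);
    refused = (fd == -1 && errno == EEXIST && stat(victim, &st) == -1);
    if (fd != -1) close(fd);
    unlink(guess); unlink(victim); rmdir(dir);
    return refused;
}

/* Preferred form: mkstemp() picks an unpredictable name and creates it
 * atomically. Returns 1 if the result is a regular file with no group or
 * other permission bits, 0 otherwise. */
int demo_mkstemp_private(void)
{
    char tmpl[] = "/tmp/tmpdemoXXXXXX";
    struct stat st;
    int fd = mkstemp(tmpl), ok;

    if (fd == -1) return 0;
    ok = (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && (st.st_mode & 077) == 0);
    close(fd); unlink(tmpl);
    return ok;
}
```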