[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev Security holes.

From: dickey
Subject: Re: lynx-dev Security holes.
Date: Tue, 17 Nov 1998 05:06:13 -0500 (EST)

> The first part is to prevent from attacks/trojans of the type: 
> <a href="rlogin://foo;address@hidden">foo</a> where the sysadmin doesn't want 
> his 
> users to be able to run a shell. Or 
> <a href="rlogin://evil|address@hidden">foo</a> where the attacker 
> has a rlogind (or a login script) that answer with commands that will be 
> executed on the host running lynx. 

thanks (will review/integrate).
> The second one are simple fixes for buffer overflows. Of course that's 
> probably not the way you will fix them because I have not seen any other 
> use of snprintf in the source. (why not implement an own version?) 

I just did that (in last night's patch).  I do not intend using snprintf,
as I said before, because it is not a good technical solution (it is not
portable, and it can truncate the result).

Thomas E. Dickey

reply via email to

[Prev in Thread] Current Thread [Next in Thread]