Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd)
From: Larry W. Virden, x2487
Subject: Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd)
Date: Tue, 24 Jun 1997 15:15:01 -0400

> Being able to read/copy files is =not= really an issue. Postulating any
> sort of effective _system_ management, LYNX is either running _as_the_user_
> who invoked it; or in the case where it's being used as a 'public access'
> browser/viewer it is running as _its_own_ userid. In _either_ case, the
> *system* access-controls are still in effect, and unless LYNX is running
> with an effective userid of _root_, cannot access any 'sensitive' files.
> Note: '/etc/passwd' is *not* a 'sensitive' file, on a properly managed
> system. Everybody *should* be running 'shadow passwords' at this point,
> whereupon the readability of /etc/passwd is not a "significant" issue.
However, in any situation where shadow passwords are not available,
it _is_ a problem. Also, one's definition of 'sensitive' may be
debatable. Some naive admins may think that anything not specifically
pointed to by an HTML page is 'safe'. This is not the case, since
the CERT announcement has shown that other files can be accessed.
--
Larry W. Virden INET: address@hidden
<URL:http://www.teraform.com/%7Elvirden/> <*> O- "We are all Kosh."
Unless explicitly stated to the contrary, nothing in this posting should
be construed as representing my employer's opinions.