[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd)
From: |
H E Nelson |
Subject: |
Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd) |
Date: |
Wed, 25 Jun 1997 09:47:10 +0900 (JST) |
> Now, all that said.... the ability to get a shell, or cause lynx to pass
> arbitrary _user-supplied_input_ to the system() command *is* a 'bad thing',
> and should be plugged. Refusing to process any strings containing any
> shell 'special' characters could be a good stat.
Question I have is why it is necessary for Lynx to call `sh' to do a
`cp'. Wayne said something about doing an exec(). Why can't this be
done, or is it not any "safer"?
Fote, your mods look good (aren't they always). Seems like it should
have been that way all along. In my second _hour_ of downloading
bind8.1.1 (599Kb), so I won't be able to test Lynx today or tomorrow.
__Henry
;
; To UNSUBSCRIBE: Send a mail message to address@hidden
; with "unsubscribe lynx-dev" (without the
; quotation marks) on a line by itself.
;
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), (continued)
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Scott McGee (Personal), 1997/06/24
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Robert Bonomi, 1997/06/24
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Scott McGee (Personal), 1997/06/24
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Foteos Macrides, 1997/06/24
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Robert Bonomi, 1997/06/24
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), H E Nelson, 1997/06/24
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Jan Hlavacek, 1997/06/24
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd),
H E Nelson <=
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Foteos Macrides, 1997/06/24
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Alex Lyons A32/373-Winfrith Tel2368 FAX2508, 1997/06/25
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Alex Lyons A32/373-Winfrith Tel2368 FAX2508, 1997/06/25
- Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd), Bela Lubkin, 1997/06/26