Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd)
From: Alex Lyons A32/373-Winfrith Tel2368 FAX2508
Subject: Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd)
Date: Wed, 25 Jun 97 10:24:10 BST
There are quite a number of calls to "system" scattered through the lynx code.
I noticed them in HTFWriter.c, LYBookmark.c, LYDownload.c, LYEdit.c,
LYGetFile.c, LYLocal.c, LYMail.c, LYMainLoop.c, LYPrint.c, and LYUpload.c.
It's not immediately obvious which of these could be vulnerable to shell
spoofing in the way described for the Download calls. Have all these
others been checked? I guess all user-supplied strings could be quoted
(if filenames - as suggested by Andrew Kuchling) or otherwise checked
for shell metacharacters. Also, would it be a good idea to exec whatever
command "system" is using a shell to run? This would effectively truncate
the command at the first shell command delimiter, e.g.:
system("/bin/cp file1;/bin/sh; file2") :(
system("exec /bin/cp file1;/bin/sh; file2") :)
Alex Lyons
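
The filename quoting suggested in the message above, sketched in C as an added example; it is not Lynx source and not code from the poster. The names sh_quote, build_cp_command and run_argv are hypothetical, and run_argv goes one step beyond the message by running the program with fork/execv so that no shell parses the arguments at all.

```c
/* Added example (not Lynx source); all function names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Wrap s in single quotes for /bin/sh; an embedded ' becomes '\''.
 * Returns a malloc'd string (caller frees) or NULL on failure. */
char *sh_quote(const char *s)
{
    size_t n = 3;                         /* two quotes plus NUL */
    const char *p;
    char *out, *q;
    for (p = s; *p; p++)
        n += (*p == '\'') ? 4 : 1;
    if ((q = out = malloc(n)) == NULL)
        return NULL;
    *q++ = '\'';
    for (p = s; *p; p++) {
        if (*p == '\'') { memcpy(q, "'\\''", 4); q += 4; }
        else *q++ = *p;
    }
    *q++ = '\'';
    *q = '\0';
    return out;
}

/* Build "/bin/cp <src> <dst>" for system() with both names quoted. */
char *build_cp_command(const char *src, const char *dst)
{
    char *a = sh_quote(src), *b = sh_quote(dst), *cmd = NULL;
    if (a && b && (cmd = malloc(strlen(a) + strlen(b) + 10)) != NULL)
        sprintf(cmd, "/bin/cp %s %s", a, b);
    free(a); free(b);
    return cmd;                           /* caller frees; NULL on failure */
}

/* Run argv[0] directly with fork/execv: no shell is involved, so shell
 * metacharacters in arguments are ordinary bytes. Returns exit status or -1. */
int run_argv(char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execv(argv[0], argv); _exit(127); }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

With the name from the message, build_cp_command("file1;/bin/sh;", "file2") yields `/bin/cp 'file1;/bin/sh;' 'file2'`, so the shell sees two arguments to cp and no second command.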