lynx-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd)


From: T.E.Dickey
Subject: Re: LYNX-DEV VU#5135 (Lynx vulnerability?) (fwd)
Date: Thu, 26 Jun 1997 08:22:50 -0400 (EDT)

> PS: I didn't see any response to my comment 2 weeks ago that "the
>     sequence open-then-chmod tends to open race conditions which can
>     lead to security holes".  Was it received?
I don't remember seeing the comment - but I've been working on a
merge/resync, and, yes I noticed it (perhaps whoever initiated that change
doesn't understand how to use umask).

-- A better solution (which I'll keep in mind for _after_ merging) is using
   a wrapper for fopen (i.e., open/fdopen) that'll allow the proper
   semantics.

-- 
Thomas E. Dickey
address@hidden
http://www.clark.net/pub/dickey
;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;

reply via email to

[Prev in Thread] Current Thread [Next in Thread]