Re: LYNX-DEV Lynx vulnerabilities
From: Jonathan Sergent
Subject: Re: LYNX-DEV Lynx vulnerabilities
Date: Wed, 02 Jul 1997 11:40:10 -0500
Hynek Med wrote:
] On Tue, 1 Jul 1997, Jonathan Sergent wrote:
] > I made some edits (please clean up my formatting attempts), see
] > my version at http://www.io.com/~sergent/ .
]
] I think your changes are very good (namely correcting Subir about the
] temporary files problem), but I'd like to see more emphasis on
] the fact that the content of the files a malicious hacker can overwrite
] users' files with isn't fortunately in his [hacker's] hands, but it rather
] depends on the content of the document the user downloads. Of course if
] the lynx user is root, and the target file /dev/sda.. :-(
Or if you run a web site and write a CGI script to trigger the attack
in the background when a user from the host in question visits your
page (which entices or tricks the user into downloading a file).
--jss.