Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)]
From: Larry W. Virden, x2487
Subject: Re: LYNX-DEV [Fwd: BoS: A vulnerability in Lynx (all versions)]
Date: Thu, 8 May 1997 13:35:16 -0400
> puts temp files under $HOME. Maybe the thing to do is to leave temp as is,
> but within temp create a directory (with appropriate checks to ensure it is
> not there already) with owner only permissions, then use that directory for
> all temp files. We create it, so nobody can get in ahead of us, and we set
The problem is that on Unix file systems, if one tries to do these
things in a directory structure where anyone can create files, then all
they have to do is rename a file or directory anywhere up the tree.
That is why one should never have 777 permissions on /.
That is why, if the system supports it, one makes /tmp sticky bit - this
bit tells Unix that one can only remove or rename files and directories
if they own the file, AND/OR they own the directory, AND/OR they can
write to the file or directory AND/OR they are root.
For instance, let's say one has /tmp as 777. Let's also say that
lynx creates /tmp/user.lynx.$$/ and places its files in there.
User 2 comes along, creates /tmp/myown.lynx.$$ directory, giving him/herself
write permission, renames /tmp/user.lynx.$$/ to /tmp/old.lynx/,
renames /tmp/myown.lynx.$$ to /tmp/user.lynx.$$/, and now they can
mess with any files lynx opens. If they copy over the contents of
/tmp/old.lynx/, they can then mess with the files lynx has already created.
--
Larry W. Virden INET: address@hidden
<URL:http://www.teraform.com/%7Elvirden/> <*> O- "We are all Kosh."
Unless explicitly stated to the contrary, nothing in this posting should
be construed as representing my employer's opinions.
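
Added example, not part of the original post and not Lynx's own code: a C sketch of the check this message implies, refusing to create a private temp directory under a parent that is writable by others without the sticky bit. The function names, the `lynx.XXXXXX` template and the `/tmp` default are assumptions; only the immediate parent is checked, so ancestors further up the tree would need the same test.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if other users cannot rename or remove our entries in dir:
 * it is a real directory (not a symlink), owned by root or by us, and
 * either not group/world-writable or protected by the sticky bit. */
int parent_is_safe(const char *dir)
{
    struct stat st;
    if (lstat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;
    if (st.st_uid != 0 && st.st_uid != geteuid())
        return 0;                 /* the owner may rename entries even with sticky set */
    if ((st.st_mode & (S_IWGRP | S_IWOTH)) && !(st.st_mode & S_ISVTX))
        return 0;                 /* the "777 /tmp" case described in the post */
    return 1;
}

/* Creates parent/lynx.XXXXXX (hypothetical name) with mode 0700 and stores
 * its path in out. Returns 0 on success, -1 if the parent is unsafe or the
 * directory could not be created and verified. */
int make_private_dir(const char *parent, char *out, size_t outlen)
{
    struct stat st;
    int n;
    if (!parent_is_safe(parent))
        return -1;
    n = snprintf(out, outlen, "%s/lynx.XXXXXX", parent);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    if (mkdtemp(out) == NULL)     /* fails instead of reusing an existing name */
        return -1;
    /* Confirm the result: a directory, owned by us, owner-only permissions. */
    if (lstat(out, &st) != 0 || !S_ISDIR(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & 0777) != 0700)
        return -1;
    return 0;
}

int main(void)
{
    char path[4096];
    if (make_private_dir("/tmp", path, sizeof path) != 0) {
        fprintf(stderr, "refusing to place temp files under /tmp\n");
        return 1;
    }
    printf("private temp directory: %s\n", path);
    return 0;
}
```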