Re: lynx-dev Re: Lynx /tmp problem (fwd)
From: dickey
Subject: Re: lynx-dev Re: Lynx /tmp problem (fwd)
Date: Fri, 12 Feb 1999 22:09:03 -0500 (EST)
>
> Theo commenting on the (fixed) tempfile issue that was posted to the
> list a few days ago, forwarded in case anyone else wants to comment
> to Theo/BUGTRAQ -- I'll just keep my mouth shut :)
On the whole, I doubt that he's actually got a fix for it (bear in mind
that on his earlier visit he asserted that the whole of the OpenBSD
system had been purged of buffer overflows; I know that to be false,
and weigh his statements accordingly).
> --
> <http://www.psnw.com/~posterkid/keys/> for DSA/ElG-E/RSA keys
> DSA 0x0A641AA5:0B1E 37B7 ECCB FC96 B6C6 7242 0A59 F8D5 EFA9 4F81
> RSA 0x4E65C321: 42 57 B3 D2 39 8E 74 C3 5E 4D AC 43 25 D2 26 D4
>
> ---------- Forwarded message ----------
> Date: Thu, 11 Feb 1999 12:55:41 -0700
> From: Theo de Raadt <address@hidden>
> To: address@hidden
> Subject: Re: Lynx /tmp problem
>
> > this bug is lynx specific, so all OS are vulnerable..
>
> OpenBSD ships with an integrated version of lynx. Our version has
> tweaks to avoid this issue.
>
> We've brought this issue up with the lynx people before. They do not
> appear to give a damn.
>
> That said, from reading the code I can see why they might not care --
> this problem is going to be a complete nightmare to fix. Lynx's
> handling of /tmp is wrought with many races, and the code is pasta.
--
Thomas E. Dickey
address@hidden
http://www.clark.net/pub/dickey