lynx-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev Re: Lynx /tmp problem (fwd)


From: dickey
Subject: Re: lynx-dev Re: Lynx /tmp problem (fwd)
Date: Fri, 12 Feb 1999 22:09:03 -0500 (EST)

> 
> Theo commenting on the (fixed) tempfile issue that was posted to the 
> list a few days ago, forwarded in case anyone else wants to comment 
> to Theo/BUGTRAQ -- I'll just keep my mouth shut :) 

on the whole, I doubt that he's actually got a fix for it (bear in mind
that on his earlier visit he asserted that the whole of the OpenBSD
system had been purged of buffer overflows; I know that to be false,
and weigh his statements accordingly).
  
> --  
> <http://www.psnw.com/~posterkid/keys/> for DSA/ElG-E/RSA keys 
> DSA 0x0A641AA5:0B1E 37B7 ECCB FC96 B6C6  7242 0A59 F8D5 EFA9 4F81 
> RSA 0x4E65C321: 42 57 B3 D2 39 8E 74 C3  5E 4D AC 43 25 D2 26 D4 
>  
> ---------- Forwarded message ---------- 
> Date: Thu, 11 Feb 1999 12:55:41 -0700 
> From: Theo de Raadt <address@hidden> 
> To: address@hidden 
> Subject: Re: Lynx /tmp problem 
>  
> > this bug is lynx specific, so all OS are vulnerables.. 
>  
> OpenBSD ships with an integrated version of lynx.  Our version has 
> tweaks to avoid this issue. 
>  
> We've brought this issue up with the lynx people before.  They do not 
> appear to give a damn. 
>  
> That said, from reading the code I can see why they might not care -- 
> this problem is going to be a complete nightmare to fix.  Lynx's 
> handling of /tmp is wrought with many races, and the code is pasta. 


-- 
Thomas E. Dickey
address@hidden
http://www.clark.net/pub/dickey

reply via email to

[Prev in Thread] Current Thread [Next in Thread]