[9508] in bugtraq
Re: Lynx /tmp problem
daemon@ATHENA.MIT.EDU (Theo de Raadt)
Fri Feb 12 14:33:48 1999
Date: Thu, 11 Feb 1999 12:55:41 -0700
Reply-To: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
From: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
X-To: Juan Diego Bolanos <diego@HERCULES.UNIVALLE.EDU.CO>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Tue, 09 Feb 1999 20:57:30 EST."
<Pine.LNX.4.05.9902092055170.1485-100000@hercules.univalle.edu.co>
> this bug is lynx specific, so all OS are vulnerables..
OpenBSD ships with an integrated version of lynx. Our version has
tweaks to avoid this issue.
We've brought this issue up with the lynx people before. They do not
appear to give a damn.
That said, from reading the code I can see why they might not care --
this problem is going to be a complete nightmare to fix. Lynx's
handling of /tmp is wrought with many races, and the code is pasta.
