Re: A vulnerability in Lynx (all versions)

Theo de Raadt (deraadt@CVS.OPENBSD.ORG)
Mon, 05 May 1997 17:08:30 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Adam Shostack: "Re: Buffer Overflows: A Summary"
Previous message: SGI Security Coordinator: "SGI Security Advisory 19970101-02-PX - csetup Program Vulnerability"
Maybe in reply to: fflush: "A vulnerability in Lynx (all versions)"
Next in thread: Luca Berra: "Re: A vulnerability in Lynx (all versions)"

> Fix: Why don't people like using mktemp() or tmpfile() ?

mktemp() isn't a solution, since it is still raceable.
mkstemp() is the solution.

In OpenBSD we've killed about 400 or so of these; some exploitable,
some perhaps not.

Next message: Adam Shostack: "Re: Buffer Overflows: A Summary"
Previous message: SGI Security Coordinator: "SGI Security Advisory 19970101-02-PX - csetup Program Vulnerability"
Maybe in reply to: fflush: "A vulnerability in Lynx (all versions)"
Next in thread: Luca Berra: "Re: A vulnerability in Lynx (all versions)"