From: "Doug Poland"
To: "Christian Weisgerber"
Subject: RE: Lynx forbidden
Date: Sun, 2 Apr 2000 13:33:28 -0500
In-Reply-To: <8c7tfg$17jv$1@bigeye.rhein-neckar.de>
Delivered-To: freebsd-questions@freebsd.org

Christian Weisgerber kindly responded:
>
> > Doug Poland wrote:
>
> > How does a cracker exploit (or create?) buffer overflows
> > that makes lynx vulnerable?
>
> Exploitation would take the form of somebody having a web site with
> overlong URLs (and possibly some other structures lynx is vulnerable
> to, I don't know the details of the security audit) that will
> overflow lynx' internal buffers, clobber the stack, and cause this
> remote data to be executed as code.
>
> Effectively, you would attempt to load a page and unwittingly
> execute some code provided from the malicious server locally on
> your system under your user ID and permissions.
>
> The possibilities for abuse are immense. Examples include deleting
> all your files, modifying your .rhosts or ssh configuration in such
> a way as to open up your account to unauthorized remote login, or
> copying (possibly sensitive) personal data.
>
Thank you for the thorough explanation.

> > If I have lynx on my system, when am I at risk?
>
> When you access a remote untrusted web server.
> Please note that the security status of other browsers such as w3m
> is more along the lines of "unknown" rather than "safe". And I
> don't even want to think about netscape.
>
This raises the question, is there a "safe" browser? And, how does
one recognize and avoid untrusted web servers?

> > Doesn't sysinstall use lynx to read on-line documentation?
> > If it's so risky, why would the installation program use it?
>
> The recognition that lynx is unsafe is somewhat new, and the problem
> will probably be fixed eventually. Also, there is no security risk
> involved in using it to read the locally installed documentation.
>
I understand.

> --
> Christian "naddy" Weisgerber naddy@mips.rhein-neckar.de
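
The overflow described in the quoted reply, sketched as an added C example (not lynx's code and not part of the original thread): a hypothetical `host_unsafe` copies a URL's host part into a fixed buffer unchecked, while `host_checked` measures first and rejects an overlong host. `HOST_MAX` and both function names are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

#define HOST_MAX 64   /* assumed fixed buffer size, for illustration */

/* UNSAFE pattern: copies the host part of a URL into a fixed buffer
 * with no length check. A host longer than HOST_MAX-1 bytes writes
 * past the end of 'out' (onto the stack, when 'out' is a local). */
void host_unsafe(const char *url, char out[HOST_MAX])
{
    const char *p = strstr(url, "://");
    p = p ? p + 3 : url;
    while (*p && *p != '/' && *p != ':')
        *out++ = *p++;            /* no bound on the write */
    *out = '\0';
}

/* Checked version: measures first, rejects instead of truncating
 * (a silently truncated host would name a different server). */
int host_checked(const char *url, char *out, size_t outlen)
{
    const char *p = strstr(url, "://");
    size_t n;

    if (outlen == 0)
        return -1;
    p = p ? p + 3 : url;
    n = strcspn(p, "/:");         /* host ends at path or port */
    if (n == 0 || n >= outlen) {  /* empty, or would not fit with NUL */
        out[0] = '\0';
        return -1;
    }
    memcpy(out, p, n);
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char host[HOST_MAX], longurl[512];   /* constructed sample input */
    memset(longurl, 'a', sizeof longurl - 1);
    longurl[sizeof longurl - 1] = '\0';
    memcpy(longurl, "http://", 7);       /* "http://" + 504 x 'a' */

    printf("%d\n", host_checked("http://www.freebsd.org/docs/", host, sizeof host));
    printf("%d\n", host_checked(longurl, host, sizeof host));
    return 0;
}
```

Only `host_checked` is called here; `host_unsafe` is shown for comparison and would write out of bounds on the constructed long URL.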