Date: 2 Apr 2000 18:45:36 +0200 From: naddy@mips.rhein-neckar.de (Christian Weisgerber) To: freebsd-questions@freebsd.org Subject: Re: Lynx forbidden Message-ID: <8c7tfg$17jv$1@bigeye.rhein-neckar.de> References: <20000402024251.A3917@kagan.quedawg.com> <NDBBKMNOJKJGAEKJNLIAIEIPDDAA.dpoland@execpc.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Doug Poland <dpoland@execpc.com> wrote: > How does a cracker exploit (or create?) buffer overflows > that makes lynx vulnerable? Exploitation would take the form of somebody having a web site with overlong URLs (and possibly some other structures lynx is vulnerable to, I don't know the details of the security audit) that will overflow lynx' internal buffers, clobber the stack, and cause this remote data to be executed as code. Effectively, you would attempt to load a page and unwittingly execute some code provided from the malicious server locally on your system under your user ID and permissions. The possibilities for abuse are immense. Examples include deleting all your files, modifying your .rhosts or ssh configuration in such a way as to open up your account to unauthorized remote login, or copying (possibly sensitive) personal data. > If I have lynx on my system, when am I at risk? When you access a remote untrusted web server. Please note that the security status of other browsers such as w3m is more along the lines of "unknown" rather than "safe". And I don't even want to think about netscape. > Doesn't sysinstall use lynx to read on-line documentation? > If it's so risky, why would the installation program use it? The recognition that lynx is unsafe is somewhat new, and the problem will probably be fixed eventually. Also, there is no security risk involved in using it to read the locally installed documentation. -- Christian "naddy" Weisgerber naddy@mips.rhein-neckar.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8c7tfg$17jv$1>