Re: [Lynx-dev] Possible more elegant fix for Lynx vulnerability?

[Naveen Albert]

On 10/13/2020 10:29 AM, Thorsten Glaser wrote:
> Naveen Albert via Lynx-dev dixit:
>
> >     I've written up a whitepaper about a vulnerability with default Lynx
> |   This whitepaper discusses an unintended configuration-based
> |   (non-technical) vulnerability that allows guest users in a poorly
> |   secured shell application to exploit loose security restrictions in
> |   the Lynx text-based web browser to bypass security mechanisms and
> |   access sensitive system information, allowing malicious users to
> |   potentially obtain root access to a system and compromise the entire
> |   machine. The vulnerability stems from default security settings in
> |   the Lynx browser that allow full system access.
>
> This is complete nōnsense. It is only proper of lynx to allow local
> users full local access. If someone wants to run it as restricted
> application on a shell service, they need to restrict local operations
> differently anyway.

That's what I thought you'd say. The question was more along the lines 
of making it easier to make these restrictions, which are currently not 
possible using Lynx alone. At best, some of the security restrictions 
are misleading since they're not actually sufficient. A wrapper around 
Lynx is needed.

The patches described are being used by many people now, including 
myself, but it's not super 'clean'. Regardless, it works, and thanks for 
your thoughts. I personally agree, and I'm shaking my head at the people 
who thought this was "okay".

NA