[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Lynx-dev] Possible more elegant fix for Lynx vulnerability?
From: |
Thomas Dickey |
Subject: |
Re: [Lynx-dev] Possible more elegant fix for Lynx vulnerability? |
Date: |
Tue, 13 Oct 2020 14:51:24 -0400 |
User-agent: |
NeoMutt/20170113 (1.7.2) |
On Tue, Oct 13, 2020 at 06:49:51AM -0500, Naveen Albert via Lynx-dev wrote:
> Hello,
>
> I've written up a whitepaper about a vulnerability with default Lynx
> configurations that could allow anonymous users potentially privilege
> escalate and compromise a machine:
> https://public.interlinked.us/3/lynx-filesystem
There's no new information presented there.
It's concerned with kiosk mode -- which no one appears to have used for
a while -- without presenting an example of where it's actually used.
Whether the default configuration for kiosk mode is suitable is a
different matter. The paper gives no indication that any of that was
taken into account, either. It certainly gives the impression that the
author is unaware of how to configure lynx for kiosk mode.
The manual page is a good place to start for that information.
--
Thomas E. Dickey <dickey@invisible-island.net>
https://invisible-island.net
ftp://ftp.invisible-island.net
signature.asc
Description: PGP signature