> > otoh, this isn't quite as drastic as some patches I've seen (on BugTraq ;-) > > that propose disabling setuid in ncurses lest it read the wrong terminal > > description... > > But ncurses is a library - that's completely different anyway. > The lynx code can find itself running setuid only after someone > has explicitly done 'chmod ... /path/to/lynx' or the equivalent, > right? That last BugTraq report used an example that relied on having the sysadmin install a corrupt lynx.cfg (if that's going to be the ground rules, I'd like to be able to assert more strongly that lynx will behave properly unless someone modifies its source ;-). > Klaus -- Thomas E. Dickey [EMAIL PROTECTED] http://www.clark.net/pub/dickey
