Sean Bryant wrote:
> Barney Wolff wrote:
>
>> On Thu, Dec 29, 2005 at 07:33:38PM -0500, Martin Cracauer wrote:
>>
>>> I'm a bit rusty, so please point me to style mistakes in the appended
>>> diff.
>>> The following diff implements a "-O" option to fetch(1), which, when
>>> set, will make fetch use a local filename supplied by the server in a
>>> Content-Disposition header.
>>
>> Have you considered the security implications of this option?
>
> It's just an extra option. I'm sure the details could be summed up in the
> man page.

I think what Barney means is that if you run fetch(1) as root and the
server returns the filename as "/sbin/init" bad things will happen.
The data returned in Content-Disposition should be used with caution.

-- 
Pawel

Received on Fri Dec 30 2005 - 01:28:06 UTC
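One way to treat a server-supplied Content-Disposition filename with the caution described in the message above, as an added example that is not part of the thread, the proposed patch, or fetch(1) itself. The helper names `safe_local_name` and `open_server_named` are hypothetical, and rejecting names that begin with a dot is an assumed policy.

```c
#include <ctype.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: reduce a server-supplied Content-Disposition
 * filename to a bare name for the current directory.
 * Returns 0 and fills out on success, -1 if the name must be rejected. */
int safe_local_name(const char *server_name, char *out, size_t outlen)
{
    const char *base = server_name;
    const char *p;

    /* Keep only the text after the last path separator ('/' or '\'). */
    for (p = server_name; *p != '\0'; p++)
        if (*p == '/' || *p == '\\')
            base = p + 1;

    /* Reject empty names, "." and "..", and (assumed policy) any
     * hidden file such as ".profile". */
    if (base[0] == '\0' || base[0] == '.')
        return -1;

    /* Reject control characters (newlines, escapes) in the name. */
    for (p = base; *p != '\0'; p++)
        if (iscntrl((unsigned char)*p))
            return -1;

    if (strlen(base) >= outlen)
        return -1;
    strcpy(out, base);
    return 0;
}

/* Hypothetical helper: create the output file in the current directory.
 * O_CREAT|O_EXCL makes open() fail if the name already exists, including
 * when it is a symbolic link, so nothing is overwritten or followed.
 * Returns a file descriptor, or -1 on rejection or error. */
int open_server_named(const char *server_name)
{
    char name[256];

    if (safe_local_name(server_name, name, sizeof(name)) != 0)
        return -1;
    return open(name, O_WRONLY | O_CREAT | O_EXCL, 0644);
}
```

With this handling, the "/sbin/init" case from the message becomes a new file named "init" in the working directory, and the download fails if a file of that name is already there.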
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:49 UTC