> Sean Bryant wrote: > > Barney Wolff wrote: > > > >> On Thu, Dec 29, 2005 at 07:33:38PM -0500, Martin Cracauer wrote: > >> > >> > >>> I'm a bit rusty, so please point me to style mistakes in the appended > >>> diff. > >>> The following diff implements a "-O" option to fetch(1), which, when > >>> set, will make fetch use a local filename supplied by the server in a > >>> Content-Disposition header. > >>> > >> > >> Have you considered the security implications of this option? > >> > >> > >> > > Its just an extra option. I'm sure the details could be summed up in the > > man page. > > I think what Barney means is that if you run fetch(1) as root and the > server returns the filename as "/sbin/init" bad things will happen. > The data returned in Content-Disposition should be used with caution. Would checking to see if the target file exists, and if so, abort the operation and display a warning be sufficient to address the security issues? Of course, we'd need some kind of "force" option to override this for the foot-shooting folks, and -f is already taken, but that could easily be documented as a "limitation" of this option. Regards, -- Matt EmmertonReceived on Fri Dec 30 2005 - 02:08:28 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:49 UTC