From owner-freebsd-current@FreeBSD.ORG Fri Dec 30 03:04:09 2005 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CB5A516A41F for ; Fri, 30 Dec 2005 03:04:09 +0000 (GMT) (envelope-from cracauer@schlepper.zs64.net) Received: from schlepper.zs64.net (schlepper.zs64.net [212.12.50.230]) by mx1.FreeBSD.org (Postfix) with ESMTP id C08E543D60 for ; Fri, 30 Dec 2005 03:04:08 +0000 (GMT) (envelope-from cracauer@schlepper.zs64.net) Received: from schlepper.zs64.net (schlepper [212.12.50.230]) by schlepper.zs64.net (8.13.3/8.12.9) with ESMTP id jBU343t3016860; Fri, 30 Dec 2005 04:04:04 +0100 (CET) (envelope-from cracauer@schlepper.zs64.net) Received: (from cracauer@localhost) by schlepper.zs64.net (8.13.3/8.12.9/Submit) id jBU3436q016859; Thu, 29 Dec 2005 22:04:03 -0500 (EST) (envelope-from cracauer) Date: Thu, 29 Dec 2005 22:04:03 -0500 From: Martin Cracauer To: Pawel Worach Message-ID: <20051229220403.A16743@cons.org> References: <20051229193328.A13367@cons.org> <20051230021602.GA9026@pit.databus.com> <43B498DF.4050204@cyberwang.net> <43B49B22.7040307@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <43B49B22.7040307@gmail.com>; from pawel.worach@gmail.com on Fri, Dec 30, 2005 at 03:27:46AM +0100 Cc: Barney Wolff , Martin Cracauer , freebsd-current@freebsd.org, Sean Bryant Subject: Re: fetch extension - use local filename from content-disposition header X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Dec 2005 03:04:09 -0000 Pawel Worach wrote on Fri, Dec 30, 2005 at 03:27:46AM +0100: > Sean Bryant wrote: > > Barney Wolff wrote: > > > >> On Thu, Dec 29, 2005 at 07:33:38PM -0500, Martin Cracauer wrote: > >> > >> > >>> I'm a bit rusty, so please point me to style mistakes in the appended > >>> diff. > >>> The following diff implements a "-O" option to fetch(1), which, when > >>> set, will make fetch use a local filename supplied by the server in a > >>> Content-Disposition header. > >>> > >> > >> Have you considered the security implications of this option? > >> > >> > >> > > Its just an extra option. I'm sure the details could be summed up in the > > man page. > > I think what Barney means is that if you run fetch(1) as root and the > server returns the filename as "/sbin/init" bad things will happen. > The data returned in Content-Disposition should be used with caution. First, the option of off by default, only when you say "-O" it will be considered. The security implications are about the same as for the base functionality. Any filename in the current directory can be wiped out if you fetch or wget and a URL redirects to another URL which leads to a filename that matches. The default behavior already *is* that the sending server has control over your local naming. I will forbit "/" to appear in the suggested filename, though. Martin -- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Martin Cracauer http://www.cons.org/cracauer/ FreeBSD - where you want to go, today. http://www.freebsd.org/