Date: Fri, 30 Dec 2005 00:39:06 -0500
From: Barney Wolff
To: Martin Cracauer
Cc: Barney Wolff, freebsd-current@freebsd.org, Sean Bryant
Subject: Re: fetch extension - use local filename from content-disposition header
Message-ID: <20051230053906.GA75942@pit.databus.com>
In-Reply-To: <20051229220403.A16743@cons.org>

On Thu, Dec 29, 2005 at 10:04:03PM -0500, Martin Cracauer wrote:
>
> The security implications are about the same as for the base
> functionality.
> Any filename in the current directory can be wiped out
> if you fetch or wget and a URL redirects to another URL which leads to
> a filename that matches.

If fetch uses a redirected name as its local filename it is seriously
broken and must be fixed. The manpage does not mention it.

> The default behavior already *is* that the sending server has control
> over your local naming.

What does the security officer have to say about that, if true?

> I will forbid "/" to appear in the suggested filename, though.

Remember that the check must be made after any decoding of %xx et al.
But no check will save the gullible from creating .shosts in $HOME
or overwriting .profile. That's why I believe the whole thing is
a bad idea.

--
Barney Wolff         http://www.databus.com/bwresume.pdf
I never met a computer I didn't like.
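
[Added example, not part of the original message and not code from fetch(1).] The ordering point raised above, decode %xx first and only then validate, shown as a C sketch. The helper name safe_local_name, the rejection of control characters, and the refusal of any name starting with "." (which covers the .shosts and .profile cases) are assumptions made for illustration.

```c
#include <stddef.h>
#include <ctype.h>

/* Value of a hex digit, or -1 if c is not one. */
static int hexval(int c)
{
    if (c >= '0' && c <= '9')
        return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/*
 * safe_local_name() is a hypothetical helper. It percent-decodes a
 * server-suggested filename into out and validates the DECODED bytes,
 * so "%2F" and "%2E" are judged as '/' and '.', not as harmless text.
 * Decoding happens exactly once; a name such as "%252F" ends up as the
 * literal text "%2F" and must not be decoded again by the caller.
 * Returns 0 if the name may be used, -1 if it must be rejected.
 */
int safe_local_name(const char *suggested, char *out, size_t outlen)
{
    size_t n = 0;

    for (const char *p = suggested; *p != '\0'; p++) {
        int c = (unsigned char)*p;

        if (c == '%') {
            int hi = hexval((unsigned char)p[1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)p[2]);
            if (lo < 0)
                return -1;      /* malformed or truncated escape */
            c = hi * 16 + lo;
            p += 2;
        }
        /* Path separator, NUL (from %00) and control bytes (assumption). */
        if (c == '/' || c < 0x20 || c == 0x7f)
            return -1;
        if (n + 1 >= outlen)
            return -1;          /* does not fit the caller's buffer */
        out[n++] = (char)c;
    }
    out[n] = '\0';

    /* Empty names and dotfiles (".", "..", ".profile", ".shosts"). */
    if (n == 0 || out[0] == '.')
        return -1;
    return 0;
}
```

Creating the accepted name with open(2) and O_CREAT|O_EXCL additionally refuses to replace a file that already exists in the current directory.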