From owner-freebsd-current@FreeBSD.ORG Fri Dec 30 18:48:44 2005 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B141C16A422 for ; Fri, 30 Dec 2005 18:48:44 +0000 (GMT) (envelope-from cperciva@freebsd.org) Received: from pd4mo2so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net [24.71.223.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 13F7043D66 for ; Fri, 30 Dec 2005 18:48:26 +0000 (GMT) (envelope-from cperciva@freebsd.org) Received: from pd5mr1so.prod.shaw.ca (pd5mr1so-qfe3.prod.shaw.ca [10.0.141.232]) by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0ISB00FOKQW60HE0@l-daemon> for freebsd-current@freebsd.org; Fri, 30 Dec 2005 11:48:06 -0700 (MST) Received: from pn2ml4so.prod.shaw.ca ([10.0.121.148]) by pd5mr1so.prod.shaw.ca (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0ISB00K6PQW6RYC0@pd5mr1so.prod.shaw.ca> for freebsd-current@freebsd.org; Fri, 30 Dec 2005 11:48:06 -0700 (MST) Received: from [192.168.0.60] ([24.87.209.6]) by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0ISB007PJQW5AB80@l-daemon> for freebsd-current@freebsd.org; Fri, 30 Dec 2005 11:48:06 -0700 (MST) Date: Fri, 30 Dec 2005 10:47:46 -0800 From: Colin Percival In-reply-to: <20051230125227.A33408@cons.org> To: Martin Cracauer Message-id: <43B580D2.9070609@freebsd.org> MIME-version: 1.0 Content-type: text/plain; charset=ISO-8859-1 Content-transfer-encoding: 7bit X-Accept-Language: en-us, en X-Enigmail-Version: 0.93.0.0 References: <20051229221459.A17102@cons.org> <030d01c60cf1$db80a290$1200a8c0@gsicomp.on.ca> <20051230035724.GA52167@nagual.pp.ru> <20051230125227.A33408@cons.org> User-Agent: Mozilla Thunderbird 1.0.7 (X11/20051228) Cc: freebsd-current@freebsd.org Subject: Re: fetch extension - use local filename from content-dispositionheader (new diff) X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 30 Dec 2005 18:48:45 -0000 Martin Cracauer wrote: > Diff on > http:/www.cons.org/tmp/freebsd-fetch-O2.diff > > When discussing, keep in mind that the user has to explicity give the > -O option (there is no environment variable to permanently turn this > on) and that the implications of the -O options are very clear and > simple. And that the main use of this is for folks who have to go > through a gazillion of Bugzilla attachments all name > "customer-errlog.20051220" etc, and there is no other way to download > them in a name-preserving manner than interactively opening them in > Mozilla and saving them. > > Before we randomize the list even more I would say I'd like to hear > from the security officer if there is concern left. Ask and ye shall receive. :-) I must say that I still have some concerns about this. In general, creating a file with a server-specified name is a very easy way to open up security problems; aside from the already-mentioned problems of overwriting important system files or creating dot-files, I can very easily imagine a script which calls fetch(1) being in the current directory and being overwritten maliciously. I also wonder why having an option for fetch(1) to create files with server-specified names is necessary. It seems to me that the best way to provide the functionality you want is to add a "-H headername" option which instructs fetch(1) to print out the value (if any) of the "headername" HTTP header. Then you could have a script download the file you want to a safe location, look at the Content-Disposition header, sanity-check it, and rename the file as appropriate. Colin Percival