fetch extension - use local filename from content-disposition header

Pawel Worach pawel.worach at gmail.com
Thu Dec 29 18:28:06 PST 2005

Sean Bryant wrote:
> Barney Wolff wrote:
>> On Thu, Dec 29, 2005 at 07:33:38PM -0500, Martin Cracauer wrote:
>>> I'm a bit rusty, so please point me to style mistakes in the appended
>>> diff.
>>> The following diff implements a "-O" option to fetch(1), which, when
>>> set, will make fetch use a local filename supplied by the server in a
>>> Content-Disposition header.
>> Have you considered the security implications of this option?
> Its just an extra option. I'm sure the details could be summed up in the 
> man page.

I think what Barney means is that if you run fetch(1) as root and the 
server returns the filename as "/sbin/init" bad things will happen.
The data returned in Content-Disposition should be used with caution.


More information about the freebsd-current mailing list