fetch extension - use local filename from content-disposition
header
Pawel Worach
pawel.worach at gmail.com
Thu Dec 29 18:28:06 PST 2005
Sean Bryant wrote:
> Barney Wolff wrote:
>
>> On Thu, Dec 29, 2005 at 07:33:38PM -0500, Martin Cracauer wrote:
>>
>>
>>> I'm a bit rusty, so please point me to style mistakes in the appended
>>> diff.
>>> The following diff implements a "-O" option to fetch(1), which, when
>>> set, will make fetch use a local filename supplied by the server in a
>>> Content-Disposition header.
>>>
>>
>> Have you considered the security implications of this option?
>>
>>
>>
> Its just an extra option. I'm sure the details could be summed up in the
> man page.
I think what Barney means is that if you run fetch(1) as root and the
server returns the filename as "/sbin/init" bad things will happen.
The data returned in Content-Disposition should be used with caution.
--
Pawel
More information about the freebsd-current
mailing list