fetch extension - use local filename from content-disposition header

Martin Cracauer cracauer at cons.org
Thu Dec 29 19:04:09 PST 2005


Pawel Worach wrote on Fri, Dec 30, 2005 at 03:27:46AM +0100: 
> Sean Bryant wrote:
> > Barney Wolff wrote:
> > 
> >> On Thu, Dec 29, 2005 at 07:33:38PM -0500, Martin Cracauer wrote:
> >>  
> >>
> >>> I'm a bit rusty, so please point me to style mistakes in the appended
> >>> diff.
> >>> The following diff implements a "-O" option to fetch(1), which, when
> >>> set, will make fetch use a local filename supplied by the server in a
> >>> Content-Disposition header.
> >>>   
> >>
> >> Have you considered the security implications of this option?
> >>
> >>  
> >>
> > Its just an extra option. I'm sure the details could be summed up in the 
> > man page.
> 
> I think what Barney means is that if you run fetch(1) as root and the 
> server returns the filename as "/sbin/init" bad things will happen.
> The data returned in Content-Disposition should be used with caution.

First, the option of off by default, only when you say "-O" it will be
considered. 

The security implications are about the same as for the base
functionality.  Any filename in the current directory can be wiped out
if you fetch or wget and a URL redirects to another URL which leads to
a filename that matches.  

The default behavior already *is* that the sending server has control
over your local naming.

I will forbit "/" to appear in the suggested filename, though.

Martin
-- 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Martin Cracauer <cracauer at cons.org>   http://www.cons.org/cracauer/
FreeBSD - where you want to go, today.      http://www.freebsd.org/


More information about the freebsd-current mailing list