fetch extension - use local filename from content-disposition header

Barney Wolff barney at databus.com
Thu Dec 29 21:39:20 PST 2005

On Thu, Dec 29, 2005 at 10:04:03PM -0500, Martin Cracauer wrote:
> The security implications are about the same as for the base
> functionality.  Any filename in the current directory can be wiped out
> if you fetch or wget and a URL redirects to another URL which leads to
> a filename that matches.  

If fetch uses a redirected name as its local filename it is seriously
broken and must be fixed.  The manpage does not mention it.

> The default behavior already *is* that the sending server has control
> over your local naming.

What does the security officer have to say about that, if true?

> I will forbit "/" to appear in the suggested filename, though.

Remember that the check must be made after any decoding of %xx et al.
But no check will save the gullible from creating .shosts in $HOME or
overwriting .profile .
That's why I believe the whole thing is a bad idea.

Barney Wolff         http://www.databus.com/bwresume.pdf
I never met a computer I didn't like.

More information about the freebsd-current mailing list