fetch extension - use local filename from content-disposition header

Ádám Szilveszter adamsz at mailpont.hu
Fri Dec 30 00:44:51 PST 2005

On Pén, December 30, 2005 6:39 am, Barney Wolff wrote:
> What does the security officer have to say about that, if true?

You know, there are much bigger problems than that. For example the fact,
that any vulnerability in fetch(1) or libfetch(3) is a remote root
compromise candidate on FreeBSD, because the Ports system still insists on
running it as root by default downloading distfiles from unchecked amd
potentially unsecure servers all over the Internet. This is the real
problem, imho. However, when I mentioned this on -security in a thread
(about trusting trust) all I got back was that it was difficult to make
sure that all ports build as normal user. Which of course does not explain
fetching as root at all, but hey.

Regards and Happy New Year,


Telcsi.hu - A legújabb csengőhangok menő slágerekkel >>>
Polifónikus és normál csengőhangok >>> Animált és normál háttérképek >>>
MP3 effektek >>> http://www.telcsi.hu/index.php?prefix=VM

More information about the freebsd-current mailing list