From owner-freebsd-current@FreeBSD.ORG Fri Dec 30 03:08:28 2005
Return-Path:
X-Original-To: freebsd-current@freebsd.org
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 31FB716A41F
	for ; Fri, 30 Dec 2005 03:08:28 +0000 (GMT)
	(envelope-from matt@gsicomp.on.ca)
Received: from skippyii.compar.com (compar.com [216.208.38.130])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8A7E143D6E
	for ; Fri, 30 Dec 2005 03:08:22 +0000 (GMT)
	(envelope-from matt@gsicomp.on.ca)
Received: from hermes (CPE00062566c7bb-CM0011e6ede298.cpe.net.cable.rogers.com [70.28.254.189])
	by skippyii.compar.com (8.13.1/8.13.1) with ESMTP id jBU39W51059497;
	Thu, 29 Dec 2005 22:09:35 -0500 (EST)
	(envelope-from matt@gsicomp.on.ca)
Message-ID: <023f01c60cee$668f60a0$1200a8c0@gsicomp.on.ca>
From: "Matt Emmerton"
To: "Pawel Worach" , "Sean Bryant"
References: <20051229193328.A13367@cons.org> <20051230021602.GA9026@pit.databus.com><43B498DF.4050204@cyberwang.net> <43B49B22.7040307@gmail.com>
Date: Thu, 29 Dec 2005 22:09:03 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1506
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1506
Cc: Barney Wolff , Martin Cracauer , freebsd-current@freebsd.org
Subject: Re: fetch extension - use local filename from content-disposition header
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 30 Dec 2005 03:08:28 -0000

> Sean Bryant wrote:
> > Barney Wolff wrote:
> >
> >> On Thu, Dec 29, 2005 at 07:33:38PM -0500, Martin Cracauer wrote:
> >>
> >>
> >>> I'm a bit rusty, so please point me to style mistakes in the appended
> >>> diff.
> >>> The following diff implements a "-O" option to fetch(1), which, when
> >>> set, will make fetch use a local filename supplied by the server in a
> >>> Content-Disposition header.
> >>>
> >>
> >> Have you considered the security implications of this option?
> >>
> >>
> >>
> > It's just an extra option. I'm sure the details could be summed up in the
> > man page.
>
> I think what Barney means is that if you run fetch(1) as root and the
> server returns the filename as "/sbin/init" bad things will happen.
> The data returned in Content-Disposition should be used with caution.

Would checking to see if the target file exists, and if so, abort the
operation and display a warning be sufficient to address the security
issues?

Of course, we'd need some kind of "force" option to override this for the
foot-shooting folks, and -f is already taken, but that could easily be
documented as a "limitation" of this option.

Regards,
--
Matt Emmerton
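The existence check proposed in this message, as an added example (not part of the original e-mail and not fetch(1)'s code). It goes one step beyond that check: the server-supplied name is first reduced to its last path component, and the file is then created with `O_CREAT | O_EXCL` so the existence test and the create are one atomic step. The helper names `safe_local_name` and `open_new_output` are hypothetical, and the sample header values are constructed.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not fetch(1) code): reduce a server-supplied name to
 * a bare file name for the current directory, or NULL if unusable. */
const char *
safe_local_name(const char *hdr_name)
{
	const char *base;

	if (hdr_name == NULL)
		return (NULL);
	/* Keep only the last path component: "/sbin/init" becomes "init". */
	base = strrchr(hdr_name, '/');
	base = (base != NULL) ? base + 1 : hdr_name;
	/* Refuse empty names, "." and "..", and dot files such as ".profile". */
	if (base[0] == '\0' || base[0] == '.')
		return (NULL);
	return (base);
}

/* Hypothetical helper: create the output file, failing with EEXIST if the
 * name is already taken. O_CREAT|O_EXCL tests and creates in one atomic
 * step and also refuses a symbolic link as the final component. */
int
open_new_output(const char *hdr_name)
{
	const char *name = safe_local_name(hdr_name);

	if (name == NULL) {
		errno = EINVAL;
		return (-1);
	}
	return (open(name, O_WRONLY | O_CREAT | O_EXCL, 0644));
}

int
main(void)
{
	/* Constructed sample header values. */
	const char *samples[] = { "/sbin/init", "../../etc/passwd", "..", "report.pdf" };
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		const char *n = safe_local_name(samples[i]);
		printf("%-18s -> %s\n", samples[i], n ? n : "(rejected)");
	}
	return (0);
}
```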