Date: Sat, 31 Dec 2005 03:43:45 -0800 From: Colin Percival <cperciva@freebsd.org> To: Martin Cracauer <cracauer@cons.org> Cc: =?ISO-8859-1?Q?Dag-Erling_Sm=F8rgra?= =?ISO-8859-1?Q?v?= <des@des.no>, freebsd-current@freebsd.org Subject: Re: fetch extension - use local filename from content-dispositionheader (new diff) Message-ID: <43B66EF1.4020906@freebsd.org> In-Reply-To: <20051231015102.A51804@cons.org> References: <20051229221459.A17102@cons.org> <868xu22mmp.fsf@xps.des.no> <200512301856.28800.jhb@freebsd.org> <200512310115.40490.jhb@freebsd.org> <20051231015102.A51804@cons.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Martin Cracauer wrote: > The security implications are easy to understand and very well in line > with other Unix features. Unpacking an tar or zip file has a lot more > potential to do damage than this (because the unpacking can also > contains permissions, you can put a *.cgi with a+x just for starters). > > How come nobody demands that the 3 files that come out of "foo.tar" > are named foo.1, foo.2 and foo.3 instead of bar.c, bar.h and Makefile? The situation isn't quite identical (if you unpack a tarball, you should get the same result every time, while a malicious server could be used for an adaptive attack), but your point is still quite reasonable. I withdraw my objection to this feature, as long as the manual page contains appropriate warnings about not using this flag if there are any files in the current working directory which you don't want to have overwritten. Colin Percival
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43B66EF1.4020906>