Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 31 Dec 2005 03:43:45 -0800
From:      Colin Percival <cperciva@freebsd.org>
To:        Martin Cracauer <cracauer@cons.org>
Cc:        =?ISO-8859-1?Q?Dag-Erling_Sm=F8rgra?= =?ISO-8859-1?Q?v?= <des@des.no>, freebsd-current@freebsd.org
Subject:   Re: fetch extension - use local filename from content-dispositionheader (new diff)
Message-ID:  <43B66EF1.4020906@freebsd.org>
In-Reply-To: <20051231015102.A51804@cons.org>
References:  <20051229221459.A17102@cons.org> <868xu22mmp.fsf@xps.des.no> <200512301856.28800.jhb@freebsd.org> <200512310115.40490.jhb@freebsd.org> <20051231015102.A51804@cons.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Martin Cracauer wrote:
> The security implications are easy to understand and very well in line
> with other Unix features.  Unpacking an tar or zip file has a lot more
> potential to do damage than this (because the unpacking can also
> contains permissions, you can put a *.cgi with a+x just for starters).
> 
> How come nobody demands that the 3 files that come out of "foo.tar"
> are named foo.1, foo.2 and foo.3 instead of bar.c, bar.h and Makefile?

The situation isn't quite identical (if you unpack a tarball, you should
get the same result every time, while a malicious server could be used
for an adaptive attack), but your point is still quite reasonable.

I withdraw my objection to this feature, as long as the manual page
contains appropriate warnings about not using this flag if there are
any files in the current working directory which you don't want to
have overwritten.

Colin Percival



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43B66EF1.4020906>