Re: fetch extension - use local filename from content-disposition header

---

• From: Pawel Worach <pawel.worach@xxxxxxxxx>
• Date: Fri, 30 Dec 2005 03:27:46 +0100

---

Sean Bryant wrote:

Barney Wolff wrote:

On Thu, Dec 29, 2005 at 07:33:38PM -0500, Martin Cracauer wrote:

I'm a bit rusty, so please point me to style mistakes in the appended
diff.
The following diff implements a "-O" option to fetch(1), which, when
set, will make fetch use a local filename supplied by the server in a
Content-Disposition header.

Have you considered the security implications of this option?

Its just an extra option. I'm sure the details could be summed up in the man page.

I think what Barney means is that if you run fetch(1) as root and the server returns the filename as "/sbin/init" bad things will happen.
The data returned in Content-Disposition should be used with caution.

--
Pawel
_______________________________________________
freebsd-current@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscribe@xxxxxxxxxxx"

---

• Follow-Ups:
  • Re: fetch extension - use local filename from content-disposition header
    • From: Matt Emmerton
  • Re: fetch extension - use local filename from content-disposition header
    • From: Martin Cracauer

• References:
  • fetch extension - use local filename from content-disposition header
    • From: Martin Cracauer
  • Re: fetch extension - use local filename from content-disposition header
    • From: Barney Wolff
  • Re: fetch extension - use local filename from content-disposition header
    • From: Sean Bryant

• Prev by Date: Re: fetch extension - use local filename from content-disposition header
• Next by Date: Re: fetch extension - use local filename from content-disposition header
• Previous by thread: Re: fetch extension - use local filename from content-disposition header
• Next by thread: Re: fetch extension - use local filename from content-disposition header
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: fetch extension - use local filename from content-disposition header ... diff. ... will make fetch use a local filename supplied by the server in a ... Its just an extra option. ... (freebsd-current) Re: SFTPing a File From stdin ... Well, assuming the server really supports sftp, as suggested by your ... I haven't verified this though - see diff 2 below if you just don't ... (comp.security.ssh) Re: yum-presto - fast updates for Fedora 7 ... binary/rpm diff. ... If it's the client, that really doesn't cut down on ... where the server does it's thing and reports back to the client ... possibly monetarily) than the bandwidth. ... (Fedora) The server was unable to allocate from the system nonpaged pool ... The server was unable to allocate from the system nonpaged pool ... when it happened, the server is freeze, can't VNC ... Diff - 5023 ... (microsoft.public.windows.server.general) Re: Good way to not forget to install gems on a server? ... same into a different file, and bitches if a diff between the files ... reveals any differences. ... It's crazy enough to work, ... Then the server makes a differently named ... (comp.lang.ruby)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

unix.derkeiler.com  > Mailing-Lists  > FreeBSD  > current  > 2005-12