Re: fetch extension - use local filename from content-disposition header

---

• From: Ádám Szilveszter <adamsz@xxxxxxxxxxx>
• Date: Fri, 30 Dec 2005 09:44:46 +0100 (CET)

---

On Pén, December 30, 2005 6:39 am, Barney Wolff wrote:
> What does the security officer have to say about that, if true?

You know, there are much bigger problems than that. For example the fact,
that any vulnerability in fetch(1) or libfetch(3) is a remote root
compromise candidate on FreeBSD, because the Ports system still insists on
running it as root by default downloading distfiles from unchecked amd
potentially unsecure servers all over the Internet. This is the real
problem, imho. However, when I mentioned this on -security in a thread
(about trusting trust) all I got back was that it was difficult to make
sure that all ports build as normal user. Which of course does not explain
fetching as root at all, but hey.

Regards and Happy New Year,

Sz.

------------------------------------------------------------------------
Telcsi.hu - A legújabb csengőhangok menő slágerekkel >>>
Polifónikus és normál csengőhangok >>> Animált és normál háttérképek >>>
MP3 effektek >>> http://www.telcsi.hu/index.php?prefix=VM


_______________________________________________
freebsd-current@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscribe@xxxxxxxxxxx"

---

• Follow-Ups:
  • Re: fetch extension - use local filename from content-disposition header
    • From: John Baldwin
  • Re: fetch extension - use local filename from content-disposition header
    • From: Eygene A. Ryabinkin
  • Re: fetch extension - use local filename from content-disposition header
    • From: Dag-Erling Smørgrav

• References:
  • fetch extension - use local filename from content-disposition header
    • From: Martin Cracauer
  • Re: fetch extension - use local filename from content-disposition header
    • From: Barney Wolff
  • Re: fetch extension - use local filename from content-disposition header
    • From: Sean Bryant
  • Re: fetch extension - use local filename from content-disposition header
    • From: Pawel Worach
  • Re: fetch extension - use local filename from content-disposition header
    • From: Martin Cracauer
  • Re: fetch extension - use local filename from content-disposition header
    • From: Barney Wolff

• Prev by Date: Help compiling a C utility
• Next by Date: Re: Help compiling a C utility
• Previous by thread: Re: fetch extension - use local filename from content-disposition header
• Next by thread: Re: fetch extension - use local filename from content-disposition header
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: fetch extension - use local filename from content-disposition header ... >> What does the security officer have to say about that, ... there are much bigger problems than that. ... > running it as root by default downloading distfiles from unchecked amd ... > sure that all ports build as normal user. ... (freebsd-current) Re: Part root not extracted ... I am worried about a part of a root just left in the ... Leaving a root tip (as in doing the extraction at all) is a surgical judgement. ... But sometimes the root is near a structure and the surgeon judges that getting it out poses a risk of bigger problems. ... If the root is right below the gum however it should be removed. ... (sci.med.dentistry) Re: fetch extension - use local filename from content-disposition header ... because the Ports system still insists on ... > running it as root by default downloading distfiles from unchecked amd ... If you go into a ports directory and type 'make install clean' ... (freebsd-current)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

unix.derkeiler.com  > Mailing-Lists  > FreeBSD  > current  > 2005-12