[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] Filename to save to
|
From: |
Volker Kuhlmann |
|
Subject: |
Re: [Bug-wget] Filename to save to |
|
Date: |
Fri, 06 Jan 2012 16:17:47 +1300 |
|
User-agent: |
KMail/1.13.6 (Linux/2.6.37.6-0.9-desktop; KDE/4.6.0; x86_64; ; ) |
On Fri, 06 Jan 2012 14:34:59 Mike Frysinger wrote:
> not a bug. look up "CVE-2010-2252" as to why this is correct default
> behavior. use --trust-server-names if you want to use the server name.
Thanks Mike.
I didn't say it was a bug, but it is a pain. I emailed this address
because wget --help says
Mail bug reports and suggestions to <address@hidden>.
Reading the CVE description gives me the impression that the security
problem only exists if one was silly enough to allow overwriting
existing files, create/change ~/.wgetrc, allow creating files in places
other than below the current directory or with ../ in the path, or dot
files in the home directory. That shouldn't be difficult to test for.
There is no option --trust-server-names.
Proof:
wget --help | grep -i trust [empty]
man wget | grep -i trust [empty]
wget --trust-server-names
wget: unrecognized option '--trust-server-names'
Thanks,
Volker
--
Volker Kuhlmann
http://volker.dnsalias.net/ Please do not CC list postings to me.