Paul Prescod wrote,
> Miles Sabin wrote:
> > Apparently not ...
> >
> > http://www.kb.cert.org/vuls/id/210148
>
> Interesting.
>
> But note that there is a difference between downloading URIs and
> dereferencing them. Dare was talking about dereferencing and piping
> to less. The data never touches the file system (under any name).

In this case that's probably true ... in fact, I think the vulnerability
only affects multiple gets, where the client first retrieves then
blindly trusts a list of names from the server.

But my point still stands. It isn't just clients executing retrieved
"active" content that represents a risk: flaws in the client's
implementation of the base protocol can be just as dangerous. Even tho'
_this_particular_ wget vulnerability probably wouldn't be tripped in
the kind of scenarios that Tim was talking about, it's only a whisker
away from something that _would_ be dangerous.

So how much do you trust the implementations of the network clients you
use? Do you trust them enough to have a process feed them arbitrary
URIs for dereferencing while left unattended?

Cheers,
Miles
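
A check a download client can apply instead of blindly trusting a list of names from the server, as an added example that is not part of the original message and not wget's code. It assumes the danger is a name that resolves outside the download directory; `safe_local_path`, `filter_listing` and the sample listing are hypothetical and constructed for illustration.

```python
import os
from pathlib import PurePosixPath


class UnsafeName(ValueError):
    """Raised when a server-supplied name must not be used as a local path."""


def safe_local_path(download_dir, server_name):
    """Map one server-supplied name to a path inside download_dir, or raise."""
    if not server_name or "\x00" in server_name:
        raise UnsafeName("empty name or embedded NUL")
    # Treat backslashes as separators too, so "..\\x" is caught on any platform.
    parts = PurePosixPath(server_name.replace("\\", "/")).parts
    if not parts or parts[0].startswith("/") or ".." in parts:
        raise UnsafeName("absolute path or parent-directory component")
    if ":" in parts[0]:
        raise UnsafeName("drive or scheme prefix")
    root = os.path.realpath(download_dir)
    target = os.path.realpath(os.path.join(root, *parts))
    # Final check after symlink resolution: the target must stay under root.
    if os.path.commonpath([root, target]) != root:
        raise UnsafeName("resolves outside the download directory")
    return target


def filter_listing(download_dir, names):
    """Split a server listing into (accepted local paths, rejected names)."""
    accepted, rejected = [], []
    for name in names:
        try:
            accepted.append(safe_local_path(download_dir, name))
        except UnsafeName:
            rejected.append(name)
    return accepted, rejected


# Constructed sample listing: two ordinary names and five that must be refused.
SAMPLE_LISTING = ["readme.txt", "docs/guide.html", "../.profile",
                  "/etc/cron.d/job", "..\\..\\autoexec.bat", "a/../../b", ""]
```

Rejected names are returned rather than silently dropped so that an unattended job can log them and stop.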