Re: [Bug-wget] --trust-server-names
From: "Ángel González"

> On 14/04/12 02:17, David H. Lipman wrote:
>> I eat PDF Exploit files for breakfast.
>
> And how about a server that calls its malware ".bashrc"?
>

Since it is a non standard named file, I will open it in FileInsight and examine the binary. If I don't recognize its format, I'll run the TrID plug-in and determine its format. I will treat the file accordingly.

>>> .bashrc is the name of a file executed automatically by bash(1) on
>>> startup if present in the home folder. As such, that can lead to code
>>> execution.
>>
>> Not on Windows.
> Unless you use eg. msys
>
> I was explaining the vulnerability. If you feel you're safe, you can go
> with the option. We assume you'll be careful enough not to shoot
> yourself in the foot.
>

And I appreciate that fact - Thanx!

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

Re: [Bug-wget] --trust-server-names
On 14/04/12 02:17, David H. Lipman wrote:
> I eat PDF Exploit files for breakfast.

And how about a server that calls its malware ".bashrc"?

>>> Since it is a non standard named file, I will open it in FileInsight
>>> and examine the binary. If I don't recognize its format, I'll run the
>>> TrID plug-in and determine its format. I will treat the file
>>> accordingly.
>> .bashrc is the name of a file executed automatically by bash(1) on
>> startup if present in the home folder. As such, that can lead to code
>> execution.
>
> Not on Windows.

Unless you use eg. msys

I was explaining the vulnerability. If you feel you're safe, you can go with the option. We assume you'll be careful enough not to shoot yourself in the foot.

Regards

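Added example (not part of the thread and not wget code): a pre-save check for the risk discussed above, assuming --trust-server-names makes the client save under the last path component of the redirect target instead of the URL the user typed. The function names, the URLs and the list of startup files are constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Assumed, non-exhaustive set of files a shell or tool loads automatically.
AUTOLOAD_NAMES = {".bashrc", ".bash_profile", ".profile", ".wgetrc"}

def last_component(url):
    """Last path component of a URL, percent-decoded."""
    path = unquote(urlsplit(url).path)
    return posixpath.basename(path.rstrip("/"))

def pick_local_name(original_url, final_url, trust_server_names):
    """Name the download would be saved under (assumed option semantics):
    the redirect target's name when trusted, else the requested URL's name."""
    return last_component(final_url if trust_server_names else original_url)

def vet_name(name):
    """Return the reasons a server-chosen name should not be written as-is."""
    reasons = []
    if not name or name in (".", ".."):
        reasons.append("empty or directory name")
    if "\\" in name or "\x00" in name:
        reasons.append("contains backslash or NUL")
    if name.startswith("."):
        reasons.append("hidden dotfile")
    if name.lower() in AUTOLOAD_NAMES:
        reasons.append("auto-loaded startup file")
    return reasons

def check_download(original_url, final_url, trust_server_names):
    """Return (local_name, reasons); an empty reasons list means safe to save."""
    name = pick_local_name(original_url, final_url, trust_server_names)
    return name, vet_name(name)

# Constructed sample: the user asks for a PDF, the server redirects elsewhere.
ORIGINAL = "http://example.test/docs/report.pdf"
REDIRECT = "http://cdn.example.test/files/%2Ebashrc"

if __name__ == "__main__":
    for trust in (False, True):
        name, reasons = check_download(ORIGINAL, REDIRECT, trust)
        verdict = "refuse: " + ", ".join(reasons) if reasons else "ok"
        print(f"trust_server_names={trust}: save as {name!r} -> {verdict}")
```

The check looks only at the name, so it complements inspecting the file's contents rather than replacing it.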
Re: [Bug-wget] patches for TLS SNI support and --match-query-string option
Noël Köthe writes:

> TLS SNI support
> https://savannah.gnu.org/bugs/?26786

I have cleaned it a bit and applied with the commit:

gscriv...@gnu.org-20120413215846-h0ebcgpgj1p0q9th

> --match-query-string option
> https://savannah.gnu.org/bugs/?31147

This patch is incomplete and in any case the patch proposed by Gijs[1] covers the possibility to match against the query string too.

Cheers,
Giuseppe

1) http://lists.gnu.org/archive/html/bug-wget/2012-04/msg9.html