Re: [Bug-wget] --trust-server-names

2012-04-14 Thread David H. Lipman
From: "Ángel González" 

> On 14/04/12 02:17, David H. Lipman wrote:
>> I eat PDF Exploit files for breakfast.
>
> And how about a server that calls its malware ".bashrc"?
>
 Since it is a non standard named file, I will open it in FileInsight
 and examine the binary.  If I don't recognize its format, I'll run the
 TrID plug-in and determine its format.  I will treat the file
 accordingly.
>>> .bashrc is the name of a file executed automatically by bash(1) on
>>> startup if present in the home folder. As such, that can lead to code
>>> execution.
>>
>> Not on Windows.
> Unless you use e.g. msys
>
> I was explaining the vulnerability. If you feel you're safe, you can go
> with the option. We assume you'll be careful enough not to shoot yourself
> in the foot.
>

And I appreciate that fact - Thanx!



-- 
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp 






Re: [Bug-wget] --trust-server-names

2012-04-14 Thread Ángel González
On 14/04/12 02:17, David H. Lipman wrote:
> I eat PDF Exploit files for breakfast. 

 And how about a server that calls its malware ".bashrc"?

>>> Since it is a non standard named file, I will open it in FileInsight
>>> and examine the binary.  If I don't recognize its format, I'll run the
>>> TrID plug-in and determine its format.  I will treat the file
>>> accordingly.
>> .bashrc is the name of a file executed automatically by bash(1) on
>> startup if present in the home folder. As such, that can lead to code
>> execution.
>
> Not on Windows.
Unless you use e.g. msys

I was explaining the vulnerability. If you feel you're safe, you can go
with the option. We assume you'll be careful enough not to shoot yourself
in the foot.

Regards
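
The risk discussed above comes from letting the server pick the local file name: with --trust-server-names, wget names the file after the last component of the redirect URL. The following is an added example, not part of the thread or of wget's code, showing one way a wrapper script could vet that name before saving under it. The function names, the example.test URLs and the `download.bin` fallback are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (constructed): vet a server-chosen file name before using it.

# last_component URL -> prints the last path component, without query/fragment.
last_component() {
    u=${1%%\#*}     # drop fragment
    u=${u%%\?*}     # drop query string
    u=${u#*://}     # drop scheme
    case $u in
        */*) printf '%s\n' "${u##*/}" ;;
        *)   printf '\n' ;;             # host only, no path component
    esac
}

# is_safe_name NAME -> exit status 0 if NAME is acceptable as a local name.
is_safe_name() {
    case $1 in
        ''|.*) return 1 ;;              # empty, ".", "..", and dotfiles such as .bashrc
        *[!A-Za-z0-9._-]*) return 1 ;;  # conservative allowlist; also refuses
                                        # percent-encoded names instead of decoding them
    esac
    return 0
}

# pick_local_name ORIGINAL_URL FINAL_URL
# Prefers the name from the final (redirected) URL, but falls back to the
# name from the URL the user typed, then to a fixed name (exit status 1).
pick_local_name() {
    for url in "$2" "$1"; do
        name=$(last_component "$url")
        if is_safe_name "$name"; then
            printf '%s\n' "$name"
            return 0
        fi
    done
    printf 'download.bin\n'
    return 1
}
```

Saving into a dedicated download directory rather than the home folder removes the startup-file risk regardless of the name chosen.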





Re: [Bug-wget] patches for TLS SNI support and --match-query-string option

2012-04-14 Thread Giuseppe Scrivano
Noël Köthe  writes:

> TLS SNI support
> https://savannah.gnu.org/bugs/?26786

I have cleaned it a bit and applied with the commit:
gscriv...@gnu.org-20120413215846-h0ebcgpgj1p0q9th


> --match-query-string option
> https://savannah.gnu.org/bugs/?31147

This patch is incomplete, and in any case the patch proposed by Gijs[1]
covers the possibility to match against the query string too.

Cheers,
Giuseppe

1) http://lists.gnu.org/archive/html/bug-wget/2012-04/msg9.html