Menu
▾
▴
Re: [xine-user] Re: Question about #save security
|
From: Michiel T. <Mic...@bi...> - 2003-10-16 14:49:59
|
On Thu, 2003-10-16 at 16:36, Mike Melanson wrote: > On 16 Oct 2003, Michiel Toneman wrote: > > > Just thought of a nasty case, what if sent back a Content-type: header > > of video/mpeg on a link like http://my.domain.com/.bashrc#save ? That > > would make MS Outlook users feel right at home ;-) > > IOW, there should, at the very least, be a check to see if the > file already exists. > There are many files in the home directory that are sourced/executed at login. (.bashrc .bash_profile .profile .xinitrc .xsession). I don't have a number of these files, but writing a little script file to them could be a disaster. I think that to stop you from shooting yourself in the foot, you should at least: 1) have to enable the save function manually through the configuration gui 2) have to specify a directory to save in; this may NOT be your home directory 3) not be able to overwrite files 4) not be able to escape the save directory Cheers, Michiel |