On Fri, 06 Jan 2012 14:34:59 Mike Frysinger wrote: > not a bug. look up "CVE-2010-2252" as to why this is correct default > behavior. use --trust-server-names if you want to use the server name.
Thanks Mike. I didn't say it was a bug, but it is a pain. I emailed this address because wget --help says Mail bug reports and suggestions to <[email protected]>. Reading the CVE description gives me the impression that the security problem only exists if one was silly enough to allow overwriting existing files, create/change ~/.wgetrc, allow creating files in places other than below the current directory or with ../ in the path, or dot files in the home directory. That shouldn't be difficult to test for. There is no option --trust-server-names. Proof: wget --help | grep -i trust [empty] man wget | grep -i trust [empty] wget --trust-server-names wget: unrecognized option '--trust-server-names' Thanks, Volker -- Volker Kuhlmann http://volker.dnsalias.net/ Please do not CC list postings to me.
