Re: [dev] security issue running surf from home folder
Hi Markus,
I can summarize from my perspective. I good point was made that creating a directory is to be avoided. I think it comes down to the command-line way of launching surf, the alternative to launching surf from a launcher based out of the home folder.
Say you call up surf just to download a file, from a working directory. You would expect the download to go into the working directly, as if you called curl or wget. With my original proposal, it would go somewhere unexpected. But with a prompt, the file can go anywhere safely.
I originally had a prompt in my solution, but thought that Safari's solution to this webkit behavior would be better adopted, but Safari is not command-line driven, and surf clearly is.
Ben
Original Message
From: Markus Teich
Sent: Wednesday, January 7, 2015 2:28 PM
To: dev_AT_suckless.org
Reply To: dev mail list
Subject: Re: [dev] security issue running surf from home folder
Heyho,
Christoph Lohmann wrote:
> Theses patches have been discussed on IRC. The optimal solution has been
> to make the default DOWNLOAD macro to ask for a string. If the string is
> empty, pass ‐O to curl, if it’s non‐empty add ‐‐create‐dirs and ‐o
> $string to curl.
Is there a log from the discussion? I am interested in the reasons behind
this proposal.
--Markus
Received on Thu Jan 08 2015 - 00:07:29 CET
This archive was generated by hypermail 2.3.0
: Thu Jan 08 2015 - 00:12:51 CET