bug-wget

[Bug-wget] Supercookie issues


From: Tim Ruehsen
Subject: [Bug-wget] Supercookie issues
Date: Fri, 9 Nov 2012 16:27:35 +0100
User-agent: KMail/1.13.7 (Linux/3.2.0-4-amd64; KDE/4.8.4; x86_64; ; )

While implementing cookies for Mget (https://github.com/rockdaboot/mget) 
conforming to RFC 6265, I stumbled over http://publicsuffix.org/ (Mozilla 
Public Suffix List).

Looking at the Wget sources reveals that there is just a very incomplete check 
for public suffixes. That implies a very severe vulnerability to "supercookie" 
attacks when cookies are switched on (they are by default).

Since Mget was meant as a Wget2 candidate (all or parts of the sources), please 
feel free to copy the needed source code from it (see cookie.c/cookie.h and 
tests/test.c for test routines). Right now, I just don't have the time to do 
the work, but of course I will answer your questions.

Shouldn't there be a warning within the docs / man pages?
What do you think?

Regards, Tim
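
Added example, not part of the original message and not taken from Mget or Wget: the public-suffix check the message refers to, applied to a Set-Cookie Domain attribute as RFC 6265 section 5.3 describes. The rule table is a constructed excerpt of the Public Suffix List, the names `psl_rules`, `is_public_suffix`, `domain_match` and `check_cookie_domain` are hypothetical, and the request host is assumed to be a host name, not an IP address.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Constructed excerpt of Public Suffix List rules; a real client loads the full list. */
static const char *const psl_rules[] = { "com", "uk", "co.uk", "*.ck", "!www.ck", NULL };

enum cookie_verdict { COOKIE_REJECT, COOKIE_DOMAIN, COOKIE_HOST_ONLY };

/* Return 1 if `name` as a whole is a public suffix under psl_rules. */
static int is_public_suffix(const char *name)
{
    const char *dot = strchr(name, '.');
    int hit = 0;

    if (!dot)
        return 1; /* single label: a listed TLD, or the PSL default rule "*" */
    for (size_t i = 0; psl_rules[i]; i++) {
        const char *r = psl_rules[i];
        if (r[0] == '!') {
            if (strcasecmp(r + 1, name) == 0)
                return 0; /* exception rule overrides any wildcard match */
        } else if (r[0] == '*' && r[1] == '.') {
            hit |= strcasecmp(r + 2, dot + 1) == 0; /* "*" covers the first label */
        } else {
            hit |= strcasecmp(r, name) == 0;
        }
    }
    return hit;
}

/* RFC 6265 domain-match: host equals domain or ends with "." + domain.
 * Assumption: host is a host name; IP address hosts must be excluded by the caller. */
static int domain_match(const char *host, const char *domain)
{
    size_t hl = strlen(host), dl = strlen(domain);

    if (hl == dl)
        return strcasecmp(host, domain) == 0;
    return hl > dl && host[hl - dl - 1] == '.' && strcasecmp(host + hl - dl, domain) == 0;
}

/* Decide what to do with the Domain attribute of a cookie sent by request_host. */
enum cookie_verdict check_cookie_domain(const char *request_host, const char *domain_attr)
{
    if (!domain_attr || !*domain_attr)
        return COOKIE_HOST_ONLY;
    if (*domain_attr == '.')
        domain_attr++; /* a leading dot is ignored */
    if (is_public_suffix(domain_attr)) /* the supercookie case */
        return strcasecmp(request_host, domain_attr) == 0 ? COOKIE_HOST_ONLY : COOKIE_REJECT;
    return domain_match(request_host, domain_attr) ? COOKIE_DOMAIN : COOKIE_REJECT;
}
```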


