[Bug-wget] [PATCH] Improve PSL cookie checking
From: Tim Rühsen
Subject: [Bug-wget] [PATCH] Improve PSL cookie checking
Date: Fri, 12 Aug 2016 00:08:00 +0200
User-agent: KMail/5.2.3 (Linux/4.6.0-1-amd64; KDE/5.23.0; x86_64; ; )
Whenever an HTTP server sends cookies, we have to check for validity before we
accept them. The Mozilla Public Suffix List (PSL[0]) provides a set of rules
that allows detecting some forms of domain misuses (which would allow privacy
leaking of cookies, e.g. login information leaks).
Here is a patch that allows Wget to automatically load the latest PSL, if
provided by a distribution/package.
Using PSL in DAFSA[1] format is recommended - as Debian provides in its
latest 'publicsuffix' package. Plain text PSL still works, but needs a bunch of
parsing and processing while the DAFSA format doesn't (just a read - and it is
ready to use).
Libpsl[2] 0.14.+ provides a tool to compile plain text PSL into DAFSA format.
I chose a configure option to allow package maintainers to set a default PSL
file at build time. If it can't be read, the code falls back to the built-in
data of libpsl.
Please review and comment.
Regards, Tim
[0] https://publicsuffix.org/
[1] https://en.wikipedia.org/wiki/Deterministic_acyclic_finite_state_automaton
[2] https://github.com/rockdaboot/libpsl
0001-Improve-PSL-cookie-checking.patch
Description: Text Data
signature.asc
Description: This is a digitally signed message part.
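
An added example, not from the original message or from the Wget patch: the public-suffix test applied to a cookie's Domain attribute, written in C over a small constructed rule list (normal, wildcard and exception rules). The rule table and the function name `cookie_domain_ok` are assumptions for illustration; Wget itself relies on libpsl and the full list for this check.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample rules in PSL syntax; a real client loads the full list. */
static const char *RULES[] = { "com", "uk", "co.uk", "*.ck", "!www.ck" };
#define NRULES (sizeof RULES / sizeof RULES[0])

static int labels(const char *s) {
    int n = 1;
    for (; *s; s++) n += (*s == '.');
    return n;
}

/* Does rule match the rightmost labels of dom? A leading "*." matches one label. */
static int rule_matches(const char *rule, const char *dom) {
    int rl = labels(rule), dl = labels(dom);
    if (rl > dl) return 0;
    for (int skip = dl - rl; skip > 0; skip--) dom = strchr(dom, '.') + 1;
    if (rule[0] == '*' && rule[1] == '.') {
        rule += 2;
        dom = strchr(dom, '.') + 1;
    }
    return strcasecmp(rule, dom) == 0;
}

/* Label count of dom's public suffix: longest matching rule, exceptions win. */
static int suffix_labels(const char *dom) {
    int best = 1;                 /* implicit "*" rule when nothing matches */
    for (size_t i = 0; i < NRULES; i++) {
        const char *r = RULES[i];
        if (r[0] == '!') {
            if (rule_matches(r + 1, dom)) return labels(r + 1) - 1;
        } else if (rule_matches(r, dom) && labels(r) > best) {
            best = labels(r);
        }
    }
    return best;
}

/* 1 if a cookie with Domain=cd may be stored for a response from host. */
int cookie_domain_ok(const char *host, const char *cd) {
    if (*cd == '.') cd++;
    if (strcasecmp(host, cd) == 0) return 1;      /* exact host is always fine */
    size_t hl = strlen(host), cl = strlen(cd);
    if (cl == 0 || hl <= cl || host[hl - cl - 1] != '.' ||
        strcasecmp(host + hl - cl, cd) != 0)
        return 0;                                 /* cd is not a parent of host */
    return labels(cd) > suffix_labels(cd);        /* reject bare public suffixes */
}
```

Without the suffix check, a response from `www.example.co.uk` could set a cookie for `co.uk` that the client would then send to every other site under that suffix.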