Re: [dev] security issue running surf from home folder

2015-01-15 Thread Carlos Torres
Hello, On Wed, Jan 7, 2015 at 3:29 PM, Christoph Lohmann <2...@r-36.net> wrote: > Theses patches have been discussed on IRC. The optimal solution has been > to make the default DOWNLOAD macro to ask for a string. If the string is > empty, pass ‐O to curl, if it’s non‐empty add ‐‐create‐dirs

Re: [dev] security issue running surf from home folder

2015-01-08 Thread tautolog
list Reply To: dev mail list Subject: Re: [dev] security issue running surf from home folder On Thu, Jan 8, 2015 at 7:07 AM, wrote: > Say you call up surf just to download a file, from a working directory. > You would expect the download to go into the working directly, as if you >

Re: [dev] security issue running surf from home folder

2015-01-08 Thread tautolog
: [dev] security issue running surf from home folder Christoph Lohmann said: > Theses patches have been discussed on IRC. The optimal solution has been > to make the default DOWNLOAD macro to ask for a string. If the string is > empty, pass ‐O to curl, if it’s non‐empty add ‐‐create‐di

Re: [dev] security issue running surf from home folder

2015-01-08 Thread Dmitrij D. Czarkoff
Christoph Lohmann said: > Theses patches have been discussed on IRC. The optimal solution has been > to make the default DOWNLOAD macro to ask for a string. If the string is > empty, pass ‐O to curl, if it’s non‐empty add ‐‐create‐dirs and ‐o > $string to curl. > > Any comments on this? If

Re: [dev] security issue running surf from home folder

2015-01-08 Thread Jakukyo Friel
On Thu, Jan 8, 2015 at 7:07 AM, wrote: > Say you call up surf just to download a file, from a working directory. > You would expect the download to go into the working directly, as if you > called curl or wget. 1. I tend to think surf will download to a default place, for example `~/Deskt

Re: [dev] security issue running surf from home folder

2015-01-07 Thread tautolog
urity issue running surf from home folder Heyho, Christoph Lohmann wrote: > Theses patches have been discussed on IRC. The optimal solution has been > to make the default DOWNLOAD macro to ask for a string. If the string is > empty, pass ‐O to curl, if it’s non‐empty add ‐‐create‐dirs an

Re: [dev] security issue running surf from home folder

2015-01-07 Thread Markus Teich
Heyho, Christoph Lohmann wrote: > Theses patches have been discussed on IRC. The optimal solution has been > to make the default DOWNLOAD macro to ask for a string. If the string is > empty, pass ‐O to curl, if it’s non‐empty add ‐‐create‐dirs and ‐o > $string to curl. Is there a log from t

Re: [dev] security issue running surf from home folder

2015-01-07 Thread Christoph Lohmann
Greetings. On Wed, 07 Jan 2015 21:29:39 +0100 Ben Woolley wrote: > The config.def.h file has a define for DOWNLOAD that just opens up curl, > and surf.c calls DOWNLOAD without any prompting. Theses patches have been discussed on IRC. The optimal solution has been to make the default DOWNLOAD mac

[dev] security issue running surf from home folder

2015-01-07 Thread Ben Woolley
Hi all, Firstly, I would like to thank everyone for the surf browser. Its simplicity is a thing of beauty, and working with it has been a pleasure. I have added features easily, and its code is easy to audit, which means security issues can be found and fixed easily, even by a random user like me.