[tor-talk] wget - secure?
tomtidaly at sigaint.org
tomtidaly at sigaint.org
Thu Aug 13 03:02:20 UTC 2015
> On 2012-04-20, Robert Ransom wrote
<https://lists.torproject.org/pipermail/tor-talk/2012-April/024040.html>:
> No, the underlying point is that I have personally seen wget send my
> computer's IP address over Tor in an FTP PORT command. wget is not
> ‘100% safe’.
> The code to send a PORT command is still present in wget 1.13.4. wget
> 1.13.4 is not ‘100% safe’; anyone who wants to recommend it needs to
> specify a particular configuration of wget which is safe. (Don't
> count on a ‘default configuration’; Linux distributors might have
> messed with it, or failed to update it to the version shipped in
> recent wget source distributions.)
> Robert Ransom
I asked a question asked about this issue on the wget mailing list this
week and a patch was provided by Tim Ruehsen. If you have time it would be
great if you read the mailing list discussion to see if I got the issue
correct, and if your happy with the patch.
https://lists.gnu.org/archive/html/bug-wget/2015-08/msg00020.html
More information about the tor-talk
mailing list