On 8/24/06, Steve Bennett <stevage(a)gmail.com> wrote:
> Maybe since the GET operation is not exactly the same as the HTTP
> upload operation (again I don't know what I'm talking about), there
> would be a way of forcing MediaWiki to download something harmful to
> itself, such as an executable, or a file that would cause a buffer
> overrun?

Buffer overruns are critical security flaws that are always specific
to a particular implementation's misprogramming. PHP does not have
any known buffer overruns; if it did, they'd likely be patched within
days if not hours.

> What if you set up a dodgy server that said it was going to
> download you a nice little .gif file, and instead sent you 10 gig of
> executable?

Same as if a user tries to submit 10 gigs of executable as an uploaded
image: you either discard it, or interpret it as whatever it's claimed
to be.
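
The "discard it" handling discussed in this exchange, as an added example that is not part of the original message and is not MediaWiki code: the receiver counts the bytes actually received, stops reading past a cap, and rejects a body whose leading bytes do not match the claimed image type. The function names, the signature table and the sample bodies are assumptions constructed for illustration.

```python
import io

# Magic-byte signatures for the image types this sketch accepts (assumed set).
SIGNATURES = {
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
}

class RejectedUpload(Exception):
    """Raised when a fetched body is discarded."""

def read_capped(stream, claimed_type, max_bytes, chunk_size=8192):
    """Read a remote body; discard it if oversized or not what it claims.

    `stream` is any object with read(n). A server-declared length is never
    trusted: only the bytes actually received are counted.
    """
    signatures = SIGNATURES.get(claimed_type)
    if signatures is None:
        raise RejectedUpload(f"type not allowed: {claimed_type}")
    buf = bytearray()
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf += chunk
        if len(buf) > max_bytes:
            # Stop immediately: at most max_bytes + chunk_size is ever held.
            raise RejectedUpload(f"body exceeds {max_bytes} bytes")
    if not any(buf.startswith(sig) for sig in signatures):
        raise RejectedUpload(f"content does not match claimed {claimed_type}")
    return bytes(buf)

def check(body, claimed_type, max_bytes=1024):
    """Demo helper: return 'accepted' or the rejection reason."""
    try:
        read_capped(io.BytesIO(body), claimed_type, max_bytes)
        return "accepted"
    except RejectedUpload as exc:
        return str(exc)

# Constructed sample bodies (not real files).
SMALL_GIF = b"GIF89a" + b"\x00" * 20
FAKE_GIF = b"MZ" + b"\x00" * 20          # executable header served as image/gif
HUGE_BODY = b"GIF89a" + b"\x00" * 5000   # starts like a GIF but exceeds the cap

if __name__ == "__main__":
    for name, body in [("small", SMALL_GIF), ("fake", FAKE_GIF), ("huge", HUGE_BODY)]:
        print(name, "->", check(body, "image/gif"))
```

A matching signature only shows that the body starts like the claimed type; it does not prove the rest of the file is a well-formed image.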