On 8/24/06, Steve Bennett stevage@gmail.com wrote:
Maybe since the GET operation is not exactly the same as the HTTP upload operation (again I don't know what I'm talking about), there would be a way of forcing MediaWiki to download something harmful to itself, such as an executable, or a file that would cause a buffer overrun?
Buffer overruns are critical security flaws that are always specific to a particular implementation's misprogramming. PHP does not have any known buffer overruns; if it did, they'd likely be patched within days if not hours.
What if you set up a dodgy server that said it was going to download you a nice little .gif file, and instead sent you 10 gig of executable?
Same as if a user tries to submit 10 gigs of executable as an uploaded image: you either discard it, or interpret it as whatever it's claimed to be.