[tor-talk] wget - secure?

tomtidaly at sigaint.org tomtidaly at sigaint.org
Thu Aug 13 03:02:20 UTC 2015

> On 2012-04-20, Robert Ransom wrote

> No, the underlying point is that I have personally seen wget send my
> computer's IP address over Tor in an FTP PORT command.  wget is not
> ‘100% safe’.

> The code to send a PORT command is still present in wget 1.13.4.  wget
> 1.13.4 is not ‘100% safe’; anyone who wants to recommend it needs to
> specify a particular configuration of wget which is safe.  (Don't
> count on a ‘default configuration’; Linux distributors might have
> messed with it, or failed to update it to the version shipped in
> recent wget source distributions.)

> Robert Ransom

I asked a question asked about this issue on the wget mailing list this
week and a patch was provided by Tim Ruehsen. If you have time it would be
great if you read the mailing list discussion to see if I got the issue
correct, and if your happy with the patch.


More information about the tor-talk mailing list