Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: wget-1.5.3, chmod+symlinks

From: hniksic () ISKON HR (Hrvoje Niksic)
Date: Thu, 1 Jun 2000 12:53:24 +0200

Const Kaplinsky <const () ce cctpu edu ru> writes:


It seems to be bug in wget-1.5.3. When invoked with -N option, it
tries to chmod downloaded symlinks, but actually permissions are
changed at target files. This is very dangerous, because after that
we can occasionally make some of our files world-writable (symlinks
are usually report 0777 mode). It is especially dangerous when we
are downloading symlinks with absolute paths to the target files.

I think, its quite unnecessary to chmod symlinks at all, and in this
case the bugfix is simple:

-      if (f->perms && dlthis)
+      if (f->perms && f->type != FT_SYMLINK && dlthis)


You're right.  I've even made the check stronger by using:

      if (f->perms && f->type == FT_PLAINFILE && dlthis)

Thanks for the patch, and sorry for the huge delay.
Previous By Date Next
Previous By Thread Next

Current thread: