Bugtraq mailing list archives
Re: wget-1.5.3, chmod+symlinks
From: hniksic () ISKON HR (Hrvoje Niksic)
Date: Thu, 1 Jun 2000 12:53:24 +0200
Const Kaplinsky <const () ce cctpu edu ru> writes:
It seems to be bug in wget-1.5.3. When invoked with -N option, it tries to chmod downloaded symlinks, but actually permissions are changed at target files. This is very dangerous, because after that we can occasionally make some of our files world-writable (symlinks are usually report 0777 mode). It is especially dangerous when we are downloading symlinks with absolute paths to the target files. I think, its quite unnecessary to chmod symlinks at all, and in this case the bugfix is simple: - if (f->perms && dlthis) + if (f->perms && f->type != FT_SYMLINK && dlthis)
You're right. I've even made the check stronger by using: if (f->perms && f->type == FT_PLAINFILE && dlthis) Thanks for the patch, and sorry for the huge delay.
Current thread:
- Re: wget-1.5.3, chmod+symlinks Hrvoje Niksic (Jun 01)