Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Windows Net Apps :: wget.htm

Wget symlink issues



Vulnerability

    wget

Affected

    wget-1.5.3

Description

    Const  Kaplinsky  found  following.    It  seems  to  be  bug   in
    wget-1.5.3.   When  invoked  with  -N  option,  it  tries to chmod
    downloaded  symlinks,  but  actually  permissions  are  changed at
    target files.  This is  very dangerous, because after that  we can
    occasionally make some of  our files world-writable (symlinks  are
    usually report  0777 mode).   It is  especially dangerous  when we
    are downloading symlinks with absolute paths to the target files.

Solution

    Its  quite  unnecessary  to  chmod  symlinks  at  all, and in this
    case the bugfix is simple:

        -      if (f->perms && dlthis)
        +      if (f->perms && f->type == FT_PLAINFILE && dlthis)


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH