


Bugtraq: Re: wget-1.5.3, chmod+symlinks

Re: wget-1.5.3, chmod+symlinks

From: Hrvoje Niksic <hniksic_at_ISKON.HR>
Date: Thu, 1 Jun 2000 12:53:24 +0200

Const Kaplinsky <const_at_ce.cctpu.edu.ru> writes:

> It seems to be a bug in wget-1.5.3. When invoked with the -N option, it
> tries to chmod downloaded symlinks, but the permissions are actually
> changed on the target files. This is very dangerous, because after that
> we can occasionally make some of our files world-writable (symlinks
> usually report 0777 mode). It is especially dangerous when we
> are downloading symlinks with absolute paths to the target files.
>
> I think it's quite unnecessary to chmod symlinks at all, and in this
> case the bugfix is simple:
>
> - if (f->perms && dlthis)
> + if (f->perms && f->type != FT_SYMLINK && dlthis)
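
Review bot: on the + line, f->type != FT_SYMLINK is a deny-list, so every other non-regular entry type in the listing still reaches the chmod; testing f->type == FT_PLAINFILE instead would limit the mode change to regular files that were actually downloaded. A one-line comment above the condition noting that chmod acts on the link target rather than on the link itself would keep the check from being simplified away later.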

You're right. I've even made the check stronger by using:

      if (f->perms && f->type == FT_PLAINFILE && dlthis)

Thanks for the patch, and sorry for the huge delay.
Received on Jun 01 2000
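
The behaviour discussed in this thread, as an added example that is not wget's code and not from either poster: chmod() on a symlink path changes the link target, and a type check before the call prevents it. The function names are hypothetical, and the guard inspects the local entry with lstat() instead of wget's f->type listing field.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

/* Unguarded: chmod() follows symlinks, so the link target is modified. */
static int naive_set_perms(const char *path, mode_t perms) {
    return chmod(path, perms);
}

/* Guarded: lstat() does not follow links; only regular files get chmod. */
static int guarded_set_perms(const char *path, mode_t perms) {
    struct stat st;
    if (lstat(path, &st) != 0) return -1;
    if (!S_ISREG(st.st_mode)) return 0;   /* skip symlinks, dirs, others */
    return chmod(path, perms);
}

/* Constructed scenario: a private file (0600) and a symlink to it in a
   scratch directory. The mode 0777 that a listing reports for the link is
   applied through the link; returns the target's resulting mode bits. */
static int target_mode_after(int guarded) {
    char dir[] = "/tmp/symchmodXXXXXX";
    char target[64], lnk[64];
    struct stat st;
    int mode = -1;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    FILE *f = fopen(target, "w");
    if (f) {
        fclose(f);
        if (chmod(target, 0600) == 0 && symlink(target, lnk) == 0) {
            if (guarded) guarded_set_perms(lnk, 0777);
            else naive_set_perms(lnk, 0777);
            if (stat(target, &st) == 0) mode = st.st_mode & 0777;
        }
    }
    unlink(lnk); unlink(target); rmdir(dir);
    return mode;
}

int main(void) {
    printf("naive:   target mode %o\n", target_mode_after(0));
    printf("guarded: target mode %o\n", target_mode_after(1));
    return 0;
}
```

The lstat-then-chmod sequence still leaves a window in which the path can be swapped; opening the file with O_NOFOLLOW and calling fchmod() on the descriptor closes it.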
