Date: Tue, 2 Feb 1999 01:53:24 +0700
From: Const Kaplinsky <const@CE.CCTPU.EDU.RU>
To: BUGTRAQ@NETSPACE.ORG
Subject: wget-1.5.3, chmod+symlinks
Hello.
It seems to be bug in wget-1.5.3. When invoked with -N option,
it tries to chmod downloaded symlinks, but actually permissions are
changed at target files. This is very dangerous, because after that
we can occasionally make some of our files world-writable (symlinks
are usually report 0777 mode). It is especially dangerous when we
are downloading symlinks with absolute paths to the target files.
I think, its quite unnecessary to chmod symlinks at all, and
in this case the bugfix is simple:
--- ftp.c.orig Thu Sep 10 20:21:36 1998
+++ ftp.c Tue Feb 2 00:09:33 1999
@@ -1192,7 +1192,7 @@
else if (f->tstamp == -1)
logprintf (LOG_NOTQUIET, _("%s: corrupt time-stamp.\n"),
u->local);
- if (f->perms && dlthis)
+ if (f->perms && f->type != FT_SYMLINK && dlthis)
chmod (u->local, f->perms);
else
DEBUGP (("Unrecognized permissions for %s.\n", u->local));
And this code also shows that we can't preserve mode 0000
when downloading files, and this is not absolutely correct
(since any other modes are preserved).
--
WBW,
Const
