[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] Wget - acess list bypass / race condition PoC

From: Giuseppe Scrivano
Subject: Re: [Bug-wget] Wget - acess list bypass / race condition PoC
Date: Thu, 18 Aug 2016 15:34:12 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)


Tim Rühsen <address@hidden> writes:

> Please review / test this patch.
> Please check the 'Reported-by' in the commit message and if you got a CVE 
> number, please report for inclusion into the commit message (and/or the code).
> Regards, Tim
> On Mittwoch, 17. August 2016 10:40:35 CEST Dawid Golunski wrote:
>> Random file name + .part extension on temporary files would already be
>> good improvement (even if still stored within the same directory) and
>> help prevent the exploitation.

I still think we should used a fixed extension, not a random file name.
If wget crashes or the process is terminated for any reason, these files
will be left around.  With a deterministic name, at least we can recover
from what was left.

IMO, it is enough to open these files with rw only for the user and not
add any extra complexity.  It is not wget responsibility to take care of
a misconfigured server that allows to execute random files fetched from


reply via email to

[Prev in Thread] Current Thread [Next in Thread]