|
From: | Jon Beilke |
Subject: | [bug #57766] Remove group-write permission from ~/.wget-hsts file |
Date: | Fri, 7 Feb 2020 12:16:11 -0500 (EST) |
User-agent: | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36 |
URL: <https://savannah.gnu.org/bugs/?57766> Summary: Remove group-write permission from ~/.wget-hsts file Project: GNU Wget Submitted by: jrbeilke Submitted on: Fri 07 Feb 2020 11:16:09 AM CST Category: Feature Request Severity: 3 - Normal Priority: 5 - Normal Status: None Privacy: Public Assigned to: None Originator Name: Originator Email: Open/Closed: Open Discussion Lock: Any Release: trunk Operating System: GNU/Linux Reproducibility: Every Time Fixed Release: None Planned Release: None Regression: None Work Required: None Patch Included: None _______________________________________________________ Details: Working on improving the security of our Linux systems and one of the recommendations is to ensure user dot files are not group or world writable (CIS DIL 6.2.10), but wget generates the .wget-hsts file for users with group write permissions. Here's an example from a fresh Ubuntu 18.04.4 system with wget 1.19.4: $ ls -al total 40 drwxr-xr-x 6 vagrant vagrant 4096 Feb 7 17:04 . drwxr-xr-x 4 root root 4096 Feb 7 17:03 .. -rw-r--r-- 1 vagrant vagrant 220 Jan 31 15:58 .bash_logout -rw-r--r-- 1 vagrant vagrant 3771 Jan 31 15:58 .bashrc drwx------ 2 vagrant vagrant 4096 Feb 7 17:03 .cache drwx------ 3 vagrant vagrant 4096 Feb 7 17:03 .gnupg -rw-r--r-- 1 vagrant vagrant 807 Jan 31 15:58 .profile drwx------ 2 vagrant vagrant 4096 Feb 7 17:03 .ssh -rw-rw-r-- 1 vagrant vagrant 165 Feb 7 17:04 .wget-hsts Is there a specific wget feature/functionality that requires the .wget-hsts file be writable by the group? If not can the file be generated with 644 permissions instead? _______________________________________________________ Reply to this item at: <https://savannah.gnu.org/bugs/?57766> _______________________________________________ Message sent via Savannah https://savannah.gnu.org/
[Prev in Thread] | Current Thread | [Next in Thread] |