bug-wget
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] Wget - acess list bypass / race condition PoC

From: Misra, Deapesh
Subject: Re: [Bug-wget] Wget - acess list bypass / race condition PoC
Date: Thu, 18 Aug 2016 21:21:06 +0000 
Yes - I whole heartedly agree with the following:

> 
> To cite myself :)
> "But there is also non-obvious wget behavior in creating those (temp) files 
> in 
> the filesystem."
> 
> The Wget docs just don't make clear that these files come into existence for 
> a 
> while. Of course we could amend the docs and lean back... but it still is not 
> an intuitive behavior and I fear people might trap into that pit. And we 
> could 
> easily prevent it with some lines of code...
> 
> Regards, Tim

Although I am late to this thread, I would like to elucidate the basic issue I 
had with the current scenario with an analogy:

If I assign a guard to a room and order the guard not to allow (say) people 
wearing yellow shirts, I intuitively expect that the people with yellow shirts 
will be prevented from entering the room and not that everyone will be allowed 
into the room and then the yellow shirted people will be asked to leave.

When I had thought about the possible solutions, I had thought of storing the 
files in a temporary location. But you guys (developers) are on the right track 
with all your solutions and the ensuing discussion, IMHO.

Thanks,
Deapesh.
Verisign.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]