diff options
author | Daniel Friesel <derf@finalrewind.org> | 2011-02-09 19:44:48 +0100 |
---|---|---|
committer | Daniel Friesel <derf@finalrewind.org> | 2011-02-09 19:49:28 +0100 |
commit | 23421a86cc826dd30f3dc4f62057fafb04b3ac40 (patch) | |
tree | 7c5fcaf8aceaf6df290721a8247e18d06bfc4bb0 | |
parent | 15bd1c8bd3429ee565ba713fbc95af69a0c10c94 (diff) |
imlib.c: Use wget --no-clobber
This prevents a (highly unlikely) case of an attacker knowing feh's PID and
the user's URL rewriting user files by means of a TOCTTOU attack.
It is still possible to _create_ arbitrary files via dangling symlinks. That
will be fixed once I switch from wget to libcurl.
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | src/imlib.c | 3 |
2 files changed, 5 insertions, 1 deletions
@@ -3,6 +3,9 @@ git HEAD * Add --zoom fill as equivalent for --auto-zoom * Add --zoom max (zooming like in --bg-max) * --menu-style is now deprecated + * Use wget --no-clobber to prevent TOCTTOU-based hole allowing a + well-informed attacker to rewrite arbitrary user files. An attacker can + still use it to _create_ arbitrary files. Wed, 26 Jan 2011 21:07:19 +0100 Daniel Friesel <derf@finalrewind.org> diff --git a/src/imlib.c b/src/imlib.c index 01384d1..b251cac 100644 --- a/src/imlib.c +++ b/src/imlib.c @@ -453,7 +453,8 @@ char *feh_http_load_image(char *url) if (!opt.verbose) quiet = estrdup("-q"); - execlp("wget", "wget", "--cache=off", "-O", tmpname, url, quiet, NULL); + execlp("wget", "wget", "--no-clobber", "--cache=off", + "-O", tmpname, url, quiet, NULL); eprintf("url: Is 'wget' installed? Failed to exec wget:"); } else { waitpid(pid, &status, 0); |