diff options
author | Daniel Friesel <derf@finalrewind.org> | 2011-02-09 20:09:53 +0100 |
---|---|---|
committer | Daniel Friesel <derf@finalrewind.org> | 2011-02-09 20:09:53 +0100 |
commit | a16225248e8feca0020113c4e93a30600a35b8f0 (patch) | |
tree | 2f22bad03ffff4c15ce527f332e7b6b68141e25e /src/timers.c | |
parent | 3bd5012d90b7dce9d810576c5dbc06629fa137ee (diff) |
imlib.c: Use wget --no-clobber
This prevents a (highly unlikely) case of an attacker knowing feh's PID and
the user's URL rewriting user files by means of a TOCTTOU attack.
It is still possible to _create_ arbitrary files via dangling symlinks. That
will be fixed once I switch from wget to libcurl.
(cherry picked from commit 23421a86cc826dd30f3dc4f62057fafb04b3ac40)
Conflicts:
ChangeLog
Diffstat (limited to 'src/timers.c')
0 files changed, 0 insertions, 0 deletions