* wget.texi: Corrections, clarifications, and English fixes to
time-stamping documentation. Also moved -nr from "Recursive
Retrieval Options" to "FTP Options" and gave it a @cindex entry.
- Alphabetized FTP options by long option name.
+ Alphabetized FTP options by long option name. Mentioned that
+ .listing symlinked to /etc/passwd is not a security hole, but that
+ other files could be, so root shouldn't run wget in user dirs.
2001-02-22 Dan Harkless <wget@harkless.org>
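Review bot: The added ChangeLog text "other files could be" does not say which files or options are meant, nor where in the manual the note was added. Suggest naming the case the documentation itself gives (a file such as index.html linked to /etc/passwd and overwritten when root runs Wget with -N or -r) and stating that the note was added under the --dont-remove-listing item, so the entry can be matched to the texinfo change without reading the diff.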
@itemx --dont-remove-listing
Don't remove the temporary @file{.listing} files generated by @sc{ftp}
retrievals. Normally, these files contain the raw directory listings
-received from @sc{ftp} servers. Not removing them can be useful to
-access the full remote file list when running a mirror, or for debugging
-purposes.
+received from @sc{ftp} servers. Not removing them can be useful for
+debugging purposes, or when you want to be able to easily check on the
+contents of remote server directories (e.g. to verify that a mirror
+you're running is complete).
+
+Note that even though Wget writes to a known filename for this file,
+this is not a security hole in the scenario of a user making
+@file{.listing} a symbolic link to @file{/etc/passwd} or something and
+asking @code{root} to run Wget in his or her directory. Depending on
+the options used, either Wget will refuse to write to @file{.listing},
+making the globbing/recursion/time-stamping operation fail, or the
+symbolic link will be deleted and replaced with the actual
+@file{.listing} file, or the listing will be written to a
+@file{.listing.@var{number}} file.
+
+Even though this situation isn't a problem, though, @code{root} should
+never run Wget in a non-trusted user's directory. A user could do
+something as simple as linking @file{index.html} to @file{/etc/passwd}
+and asking @code{root} to run Wget with @samp{-N} or @samp{-r} so the file
+will be overwritten.
@cindex globbing, toggle
@item -g on/off
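Review bot: The paragraph beginning "Depending on the options used" lists three outcomes (refusal to write, the symlink being replaced, a .listing.@var{number} file) without saying which options produce which, so a reader cannot tell which behaviour applies to their invocation. Suggest naming the option for each outcome. Two smaller points in the last paragraph: "Even though this situation isn't a problem, though," doubles "though", and "isn't a problem" is stronger than the preceding text supports, since one listed outcome makes the globbing/recursion/time-stamping operation fail; "isn't a security hole" would match the earlier wording. The warning that root should never run Wget in a non-trusted user's directory concerns @samp{-N} and @samp{-r} but sits only under --dont-remove-listing, so a cross-reference from those options, or a @cindex entry for it, would make it easier to find.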