Denys Vlasenko wrote:
wget should work for common use cases.
Such as downloading sources of kernels, gcc and such.
From build scripts, not only by hand.
Without having to modify said scripts.
Your patch breaks that.

I don't care that security people are upset.
They are paranoid, it's part of their profession.
It does not mean everybody else has to be as paranoid.

I must admit I'm surprised by this statement.
You add paranoid changes to programs like cp, unlinking the target in direct violation of POSIX, breaking some use cases. There was recent discussion about modifying the extraction of TAR and other archives, which introduced new problems and regressions. While there is nothing wrong with being careful, busybox is mainly used on single-user systems, so it is unlikely that there is another user to create race conditions to exploit. On the other hand, not checking https means transfers could be attacked by someone anywhere on the network, not only a local user on the machine, so the number of potential attackers is much larger, and you don't even print a warning that the remote identity is not checked. You don't expect everybody to read the complete source code before using busybox, do you?
busybox mailing list