On Tue, Oct 23, 2001 at 12:22:56AM +0200, William Miles wrote: > Hi > > I would like to find out what the security implications are for running > wget as root when downloading a file from a ftp site as an anonymous user? [...]
I don't know if there are any risks specific to wget, but if this is an automated job, perhaps you would be safer running the wget job as a normal user (e.g. "su -c 'wget ...' fred" or similar) and limit root's involvement to moving the file to where it is supposed to be once the download is completed. At least that way you would limit your exposure to any risks associated with wget, although the contents of the downloaded file would remain your problem if it contained anything undesirable. Regards, Colin.
