[Bug 44785] New: FTP server (security ?) bug
https://bugs.winehq.org/show_bug.cgi?id=44785 Bug ID: 44785 Summary: FTP server (security ?) bug Product: Packaging Version: unspecified Hardware: x86 OS: Linux Status: UNCONFIRMED Severity: major Priority: P2 Component: wine-packages Assignee: wine-bugs(a)winehq.org Reporter: luc.bournaud(a)hotmail.fr CC: michael(a)fds-team.de, sebastian(a)fds-team.de Distribution: --- I'm making a tool to download Wine from FTP server. I've got a little surprise when listing versions on your FTP server, all directories under "ftp://ftp.winehq.org/pub/wine/source" are "perm=fle" (I can rename the directory) and all files are "perm=adfr" (I can anonymously edit Wine on your servers !). I don't know if it's just a minor bug or a real huge security issue... -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=44785 Austin English <austinenglish(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jnewman(a)codeweavers.com -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=44785 Austin English <austinenglish(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |austinenglish(a)gmail.com -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=44785 Jeremy Newman <jnewman(a)codeweavers.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|UNCONFIRMED |NEEDINFO --- Comment #1 from Jeremy Newman <jnewman(a)codeweavers.com> --- Did you actually try to rename a directory or edit a file? The anonymous user is not actually allowed to use the WRITE or STOR commands, so while the directory listings show those permissions, actually doing it is prevented. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=44785 --- Comment #2 from luc.bournaud(a)hotmail.fr --- Created attachment 60820 --> https://bugs.winehq.org/attachment.cgi?id=60820 First screenshot GNOME Nautilus let me edit the filename (it should prevent me ?). -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=44785 --- Comment #3 from luc.bournaud(a)hotmail.fr --- Created attachment 60821 --> https://bugs.winehq.org/attachment.cgi?id=60821 Second screen shot But the server return a error, after refresh the name stay unchanged. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=44785 --- Comment #4 from luc.bournaud(a)hotmail.fr --- It should be nothing more than a little bug in listing :-) -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=44785 tokktokk <fdsfgs(a)krutt.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fdsfgs(a)krutt.org -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=44785 Jeremy Newman <jnewman(a)codeweavers.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |NOTOURBUG Status|NEEDINFO |RESOLVED --- Comment #5 from Jeremy Newman <jnewman(a)codeweavers.com> --- This sounds like an issue with Gnome and not with our FTP server itself. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
https://bugs.winehq.org/show_bug.cgi?id=44785 Austin English <austinenglish(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #6 from Austin English <austinenglish(a)gmail.com> --- Closing. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.
participants (1)
-
wine-bugs@winehq.org