https://bugs.winehq.org/show_bug.cgi?id=44785
Bug ID: 44785 Summary: FTP server (security ?) bug Product: Packaging Version: unspecified Hardware: x86 OS: Linux Status: UNCONFIRMED Severity: major Priority: P2 Component: wine-packages Assignee: wine-bugs@winehq.org Reporter: luc.bournaud@hotmail.fr CC: michael@fds-team.de, sebastian@fds-team.de Distribution: ---
I'm making a tool to download Wine from FTP server. I've got a little surprise when listing versions on your FTP server, all directories under "ftp://ftp.winehq.org/pub/wine/source" are "perm=fle" (I can rename the directory) and all files are "perm=adfr" (I can anonymously edit Wine on your servers !).
I don't know if it's just a minor bug or a real huge security issue...
https://bugs.winehq.org/show_bug.cgi?id=44785
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |jnewman@codeweavers.com
https://bugs.winehq.org/show_bug.cgi?id=44785
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |austinenglish@gmail.com
https://bugs.winehq.org/show_bug.cgi?id=44785
Jeremy Newman jnewman@codeweavers.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|UNCONFIRMED |NEEDINFO
--- Comment #1 from Jeremy Newman jnewman@codeweavers.com --- Did you actually try to rename a directory or edit a file? The anonymous user is not actually allowed to use the WRITE or STOR commands, so while the directory listings show those permissions, actually doing it is prevented.
https://bugs.winehq.org/show_bug.cgi?id=44785
--- Comment #2 from luc.bournaud@hotmail.fr --- Created attachment 60820 --> https://bugs.winehq.org/attachment.cgi?id=60820 First screenshot
GNOME Nautilus let me edit the filename (it should prevent me ?).
https://bugs.winehq.org/show_bug.cgi?id=44785
--- Comment #3 from luc.bournaud@hotmail.fr --- Created attachment 60821 --> https://bugs.winehq.org/attachment.cgi?id=60821 Second screen shot
But the server return a error, after refresh the name stay unchanged.
https://bugs.winehq.org/show_bug.cgi?id=44785
--- Comment #4 from luc.bournaud@hotmail.fr --- It should be nothing more than a little bug in listing :-)
https://bugs.winehq.org/show_bug.cgi?id=44785
tokktokk fdsfgs@krutt.org changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |fdsfgs@krutt.org
https://bugs.winehq.org/show_bug.cgi?id=44785
Jeremy Newman jnewman@codeweavers.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |NOTOURBUG Status|NEEDINFO |RESOLVED
--- Comment #5 from Jeremy Newman jnewman@codeweavers.com --- This sounds like an issue with Gnome and not with our FTP server itself.
https://bugs.winehq.org/show_bug.cgi?id=44785
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #6 from Austin English austinenglish@gmail.com --- Closing.
-
wine-bugs@winehq.org