[PATCH] wget: don't silently ignore certificate validation
Ralf Friedl
Ralf.Friedl at online.de
Sun May 27 18:19:41 UTC 2018
Denys Vlasenko wrote:
> wget should work for common use cases.
> Such as downloading sources of kernels, gcc and such.
> From build scripts, not only by hand.
> Without having to modify said scripts.
> Your patch breaks that.
> NAK.
>
> I don't care that security people are upset.
> They are paranoid, it's part of their profession.
> It does not mean everybody else has to be as paranoid.
I must admit I'm surprised by this statement.
You add paranoid changes to programs like cp, unlinking the target in
direct violation of POSIX, breaking some use cases. There was recent
discussion about modifying the extraction of TAR and other archives,
which introduced new problems and regressions.
While there is nothing wrong with being careful, busybox is mainly used
on single user systems, so it is unlikely that there is another user to
create race conditions to exploit.
On the other hand, not checking https means transfers could be attacked
by someone anywhere on the network, not only a local user on the
machine, so the number of potential attackers is much larger, and you
don't even print a warning that the remote identity is not checked. You
don't expect everybody to read the complete source code before using
busybox, do you?