Skip to content
Commit 23421a86 authored by Birte Kristina Friesel's avatar Birte Kristina Friesel
Browse files

imlib.c: Use wget --no-clobber

This prevents a (highly unlikely) case of an attacker knowing feh's PID and
the user's URL rewriting user files by means of a TOCTTOU attack.

It is still possible to _create_ arbitrary files via dangling symlinks. That
will be fixed once I switch from wget to libcurl.
parent 15bd1c8b
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment