Comments (3)
derf
commented on July 19, 2024
The only way of actually using that bug is a TOCTTOU attack. Which is of course possible, but highly unlikely. So this bug is way down on my priority list, it'll probably be fixed once feh switches from wget to libcurl.
Also, I just added the --no-clobber switch to feh's wget invocation, meaning it is no longer possible to overwrite user files, just create new ones via dangling symlinks.
from feh.
derf
commented on July 19, 2024
The git HEAD now uses libcurl with mkstemp, resolving this issue. The fix will be included in feh 2.0, which will probably be released in one to two months.
from feh.
derf
commented on July 19, 2024
Turned out as 1.12, not 2.0, but anyways, issue closed.
from feh.
Related Issues (20)
- option --no-recursive makes feh to do the opposite (recursion)
- Image Loads with Progressive Zoom
- feh no longer reading keys file HOT 1
- failure to load or scan directory HOT 1
- rotate 180 corrupts image
- Data loss with `--unloadable` deleting files HOT 1
- Feature request: logging or printing of current filename HOT 1
- EXIF data for HEIC pictures HOT 1
- feh should request Full Screen to the window manager HOT 2
- One-background-per-display does not work with nvidia drivers + modesetting enabled
- Fully opaque images with alpha channel are rendered slightly transparent when zoomed out HOT 3
- Screen rotation in fullscreen mode causes pictures to be drawn in tile pattern
- double free when using --randomize with unloadable image file
- Allow for adding/removing actions from menu
- CWE-476: NULL Pointer Dereference in XPM Image Parser (ImLib2) HOT 1
- man page site doesn't render HOT 1
- Feature request: Get last file path viewed when exiting feh HOT 1
- Feature request: slideshow for wallpapers
- [Feature Request] Slideshow - Add auto-pan to slideshow HOT 1
- [Feature Request] Slideshow - Add transitions to slideshow
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from feh.