> From: Gisle Vanem <[email protected]> > Date: Fri, 17 Jun 2016 22:50:27 +0200 > > > +static bool > > +hsts_file_access_valid (const char *filename) > > +{ > > + struct_stat st; > > + > > + if (stat (filename, &st) == -1) > > + return false; > > + > > + return !(st.st_mode & S_IWOTH) && S_ISREG (st.st_mode); > > Due to the above patch, the following output on Wget/Windows seems > a bit paranoid; wget -d https://vortex.data.microsoft.com/collect/v1 > ... > Reading HSTS entries from c:\Users\Gisle\AppData\Roaming/.wget-hsts > Will not apply HSTS. The HSTS database must be a regular and > non-world-writable file. > ERROR: could not open HSTS store at > 'c:\Users\Gisle\AppData\Roaming/.wget-hsts'. HSTS will be disabled. > > On Windows this file is *not* "world-writeable" AFAICS (and yes, it does > exists). > Hence this "paranoia" should be accounted for. I'm not so much into Posix, > so I'll leave it to you experts to comment & patch.
IMO, this test should be bypassed on Windows. The "world" part in "world-writeable" is a Unix-centric notion, and its translation into MS-Windows ACLs is non-trivial (read: "impossible"). (For example, your "non-world-writeable" file is accessible to certain users and groups of users on Windows, other than Administrator.) So the sanest solution for this is simply not to make this test on Windows.
