Assume the maintainer of an anonymous ftp site is malicious toward someone who uses wget to mirror his site. He could put in simlinks such as a -> .. b -> ../.. c -> ../../.. d -> ../../../.. s -> /bin/sh etc. Those will all be listed as having 0777 perms since all simlinks do. If wget --mirror, for example, is used to mirror this ftp site and the wget user is not aware of the presence of those links (among a bunch of others files), wget will do ``chmod 0777 l'' on the copy of link l thereby effectively changing the permission of the pointed-to file, if the wget user has the right to do so. This could then be used by a local user of the system running wget. I will send a patch for this which I submitted to bug-wget without receving an answer for 2 months.
Fixed in wget-1.5.3-5. Thanks for the patch.