[BusyBox-cvs] [BusyBox 0000310]: chmod & chown mixup of permissions with symlinks
bugs at busybox.net
bugs at busybox.net
Sun Jun 26 00:58:30 UTC 2005
The following issue has been SUBMITTED.
======================================================================
<http://busybox.net/bugs/view.php?id=310>
======================================================================
Reported By: Looxix
Assigned To: BusyBox
======================================================================
Project: BusyBox
Issue ID: 310
Category: Security
Reproducibility: always
Severity: minor
Priority: normal
Status: assigned
======================================================================
Date Submitted: 06-25-2005 17:58 PDT
Last Modified: 06-25-2005 17:58 PDT
======================================================================
Summary: chmod & chown mixup of permissions with symlinks
Description:
Trying to change the owner of a symlink can also change (increase) the
permissions of the target of the symlink. For example:
# ls -l
total 4
-rw-r--r-- 1 luc users 2 Jun 21 00:50 f
lrwxrwxrwx 1 luc users 1 Jun 21 00:50 l -> f
# chown root.root *
# ls -l
total 4
-rwxrwxrwx 1 root root 2 Jun 21 00:50 f
^^^^^^^^
lrwxrwxrwx 1 root root 1 Jun 21 00:50 l -> f
The problem come from the fact that recursive_action() use lstat() but
the chown applet use in its action chown() and not lchown().
I think that either lstat()/lchown() or stat()/chown() must be used but
not a mix of the two.
With the following patch chown have the same behaviour as the GNU one and
do the same for chmod that suffer from the same problem.
I have not really checked but from the code it seems that chgrp must not
be corrected since it use already lchown().
======================================================================
Issue History
Date Modified Username Field Change
======================================================================
06-25-05 17:58 Looxix New Issue
06-25-05 17:58 Looxix File Added: chown-chmod.patch
======================================================================
More information about the busybox-cvs
mailing list