[BusyBox-cvs] [BusyBox 0000310]: chmod & chown mixup of permissions with symlinks

bugs at busybox.net bugs at busybox.net
Sun Jun 26 00:58:30 UTC 2005


The following issue has been SUBMITTED.
======================================================================
<http://busybox.net/bugs/view.php?id=310> 
======================================================================
Reported By:                Looxix
Assigned To:                BusyBox
======================================================================
Project:                    BusyBox
Issue ID:                   310
Category:                   Security
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     assigned
======================================================================
Date Submitted:             06-25-2005 17:58 PDT
Last Modified:              06-25-2005 17:58 PDT
======================================================================
Summary:                    chmod & chown mixup of permissions with symlinks
Description: 
Trying to change the owner of a symlink can also change (increase) the
permissions of the target of the symlink. For example:

# ls -l
total 4
-rw-r--r--    1 luc      users           2 Jun 21 00:50 f
lrwxrwxrwx    1 luc      users           1 Jun 21 00:50 l -> f

# chown root.root *
# ls -l
total 4
-rwxrwxrwx    1 root     root            2 Jun 21 00:50 f
  ^^^^^^^^
lrwxrwxrwx    1 root     root            1 Jun 21 00:50 l -> f


The problem come from the fact that recursive_action() use lstat() but
the chown applet use in its action chown() and not lchown().

I think that either lstat()/lchown() or stat()/chown() must be used but
not a mix of the two.

With the following patch chown have the same behaviour as the GNU one and
do the same for chmod that suffer from the same problem.
I have not really checked but from the code it seems that chgrp must not
be corrected since it use already lchown().

======================================================================

Issue History
Date Modified  Username       Field                    Change              
======================================================================
06-25-05 17:58 Looxix         New Issue                                    
06-25-05 17:58 Looxix         File Added: chown-chmod.patch                    
======================================================================




More information about the busybox-cvs mailing list