[BusyBox 0001477]: cp does not work with /dev files
bugs at busybox.net
bugs at busybox.net
Thu Sep 13 07:45:26 UTC 2007
A NOTE has been added to this issue.
======================================================================
http://busybox.net/bugs/view.php?id=1477
======================================================================
Reported By: basagalar
Assigned To: BusyBox
======================================================================
Project: BusyBox
Issue ID: 1477
Category: Documentation
Reproducibility: always
Severity: minor
Priority: normal
Status: assigned
======================================================================
Date Submitted: 08-28-2007 15:11 PDT
Last Modified: 09-13-2007 00:45 PDT
======================================================================
Summary: cp does not work with /dev files
Description:
I have upgraded to 1.6.1 and noticed that when I want to copy an image to a
device node (a block device), cp was basically overwriting the device file
with an actual copy of the image, instead of copying it to the device.
This issue is not present on v1.4.0, cp works fine with /dev nodes
======================================================================
----------------------------------------------------------------------
vda - 08-29-07 04:07
----------------------------------------------------------------------
You are doing "cp file /dev/disk". You expect cp to open and overwrite
/dev/disk. However, think what will happen if I do this:
cp -a /backups/etc /tmp
and malicious user created /tmp/etc/passwd symlink which points into his
file?
In order to prevent this, I should check beforehand whether /tmp/etc
exists, and this stil isn't fail-safe - user can create /tmp/etc after I
did the check, but before I do cp.
Another example: user asked me to restore *his* homedir from backup. A
friendly admin does this:
cp -a /backups/home/user /home
But user is malicious and he has created /home/user/new_passwd symlink
which points to /etc/passwd, and backup also has user/new_passwd (as
ordinary file).
I consider this unacceptable. Yes, I can be paranoid, remember all these
small nasty things and never copy stuff into /tmp, and do a zillion of
checks when I copy stuff to user's dirs.
But I rather don't. I want cp to NOT overwrite existing files, I want it
to unlink and re-create them.
I know that it isn't POSIX compliant. I think sanity sometimes is more
important than POSIX.
Back to your needs. Why can't you use "cat file >/dev/disk"?
----------------------------------------------------------------------
jackson - 09-13-07 00:45
----------------------------------------------------------------------
Can anyone give me the exact steps to reproduce this scenario.
Issue History
Date Modified Username Field Change
======================================================================
08-28-07 15:11 basagalar New Issue
08-28-07 15:11 basagalar Status new => assigned
08-28-07 15:11 basagalar Assigned To => BusyBox
08-29-07 03:48 vda Note Added: 0002702
08-29-07 04:06 vda Note Edited: 0002702
08-29-07 04:07 vda Note Edited: 0002702
09-13-07 00:45 jackson Note Added: 0002739
======================================================================
More information about the busybox-cvs
mailing list