security bug in busybox chown -R

Natanael Copa natanael.copa at gmail.com
Fri Aug 18 14:32:35 UTC 2006


On Fri, 2006-08-18 at 15:58 +0200, Natanael Copa wrote:
> I have discovered a bug in the chown applet.
> 
> The chown -R follows links.

Actually, it's not the -R option that follows links. It's chown(2) itself.

To fix, replace chown(2) with lchown(2). The attached patch does this.

FYI. GNU chown has a --dereference option to follow links.
From the GNU chown(1) man page:

       --dereference
              Change the ownership of the target of a symbolic link instead of
              the symbolic link itself.  (New in fileutils-4.0.)

FreeBSD and OpenBSD chown(8) have:

     -L      If the -R option is specified, all symbolic links are followed.


--
Natanael Copa
-------------- next part --------------
A non-text attachment was scrubbed...
Name: chown_follow_links.patch
Type: text/x-patch
Size: 465 bytes
Desc: not available
Url : http://lists.busybox.net/pipermail/busybox/attachments/20060818/fdeb87c3/attachment-0002.bin 