security bug in busybox chown -R
Natanael Copa
natanael.copa at gmail.com
Fri Aug 18 14:32:35 UTC 2006
On Fri, 2006-08-18 at 15:58 +0200, Natanael Copa wrote:
> I have discovered a bug in the chown applet.
>
> The chown -R follows links.
Actually, its not the -R option that follow links. Its chown(2) itself.
To fix, replace chown(2) with lchown(2). The attached patch does this.
FYI. Gnu chown has a --dereference option to follow links.
>From the gnu chown(1) man page:
--dereference
Change the ownership of the target of a symbolic link instead of
the symbolic link itself. (New in fileutils-4.0.)
FreeBSD and OpenBSD chown(8) has:
-L If the -R option is specified, all symbolic links are followed.
--
Natanael Copa
-------------- next part --------------
A non-text attachment was scrubbed...
Name: chown_follow_links.patch
Type: text/x-patch
Size: 465 bytes
Desc: not available
Url : http://lists.busybox.net/pipermail/busybox/attachments/20060818/fdeb87c3/attachment-0002.bin
More information about the busybox
mailing list