security bug in busybox chown -R
Natanael Copa
natanael.copa at gmail.com
Fri Aug 18 16:11:08 UTC 2006
On Sat, 2006-08-19 at 03:49 +1200, Glenn L McGrath wrote:
> On Fri, 18 Aug 2006 16:32:35 +0200
> Natanael Copa <natanael.copa at gmail.com> wrote:
>
> > On Fri, 2006-08-18 at 15:58 +0200, Natanael Copa wrote:
> > > I have discovered a bug in the chown applet.
> > >
> > > The chown -R follows links.
> >
> > Actually, it's not the -R option that follows links. It's chown(2)
> > itself.
> >
> > To fix, replace chown(2) with lchown(2). The attached patch does this.
> >
> > FYI. GNU chown has a --dereference option to follow links.
> > From the GNU chown(1) man page:
> >
> > --dereference
> > Change the ownership of the target of a symbolic link
> > instead of the symbolic link itself. (New in fileutils-4.0.)
> >
> > FreeBSD and OpenBSD chown(8) have:
> >
> > -L If the -R option is specified, all symbolic links are
> > followed.
>
> In the SUSv3 spec there is a -h option which changes the id of the
> symlink rather than the target, which implies the default should be to
> change the target.

Checking... yes, that's how both GNU Linux and FreeBSD do.

> But then when doing recursive chowns, it has 3 different options to
> specify its behaviour and states, "Unless a -H, -L, or -P option is
> specified, it is unspecified which of these options will be used as the
> default."
>
> -H and -L refer to symlinks that point to directories.
>
> -P says it should change the symlink rather than the target, so it's
> a -h for symlinks within your specified directory.
>
> So in your example, maybe the admin should have done "chown -P
> ncopa /home/ncopa" as -R has an unspecified functionality, but I guess
> it's a judgement call on what busybox should do by default with -R.

GNU Linux sets the link itself and not the target by default, and so
does FreeBSD.

FreeBSD man page:

    -P If the -R option is specified, no symbolic links are followed.
       This is the default.

I have tested and confirm that is how it works.

Will continue on Monday.

Have a nice weekend ppl.
--
Natanael Copa
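
The chown(2) versus lchown(2) difference discussed in this thread, as an added example that is not part of the original message or of the attached patch. The names `chown_tree_nofollow` and `demo` are hypothetical, the recursion is a plain directory walk rather than busybox's own, and the fixture (a temporary directory holding one dangling symlink) is constructed so that it runs without root.

```c
#define _XOPEN_SOURCE 700
#include <dirent.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Recursive owner change that never dereferences symlinks (the lchown(2) fix).
 * Returns the number of symlinks whose own owner was set, or -1 on error. */
int chown_tree_nofollow(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;
    struct dirent *e;
    char child[PATH_MAX];
    int links = 0, n;
    /* lstat/lchown act on the link itself; stat/chown would act on its target */
    if (lstat(path, &st) != 0 || lchown(path, uid, gid) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode))
        return S_ISLNK(st.st_mode) ? 1 : 0;   /* a link is counted, never entered */
    DIR *d = opendir(path);
    if (!d) return -1;
    while (links >= 0 && (e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, ".."))
            continue;
        n = snprintf(child, sizeof child, "%s/%s", path, e->d_name);
        n = n < (int)sizeof child ? chown_tree_nofollow(child, uid, gid) : -1;
        links = n < 0 ? -1 : links + n;       /* over-long path or failure: stop */
    }
    closedir(d);
    return links;
}

/* Constructed fixture. Returns 1 if chown(2) followed the link and the walk did not. */
int demo(void)
{
    char dir[] = "/tmp/chown_demo_XXXXXX", lnk[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    if (symlink("/nonexistent/demo-target", lnk) != 0) return -1;
    int followed = chown(lnk, geteuid(), getegid()) == -1 && errno == ENOENT;
    int links = chown_tree_nofollow(dir, geteuid(), getegid());
    unlink(lnk);
    rmdir(dir);
    return followed && links == 1;
}
```

chown(2) fails with ENOENT on the dangling link because it resolves the target, while the lchown(2) walk succeeds and touches only the link itself.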