What's up with chown.c doing a chmod?

Shaun Jackman sjackman at gmail.com
Thu Jan 5 20:57:41 UTC 2006


Hello Rob,

The chmod call seems unnecessary. I just checked the coreutils
implementation of chown, and it does not call chmod at any time. I
found this comment in the source code that suggests a chown can change
permission bits. So perhaps someone was trying to undo that effect,
despite this comment's warning. I'd suggest removing the chmod call. I
don't suppose there's a ChangeLog entry or cvs blame entry for the
offending line?

      /* On some systems (e.g., Linux-2.4.x),
	 the chown function resets the `special' permission bits.
	 Do *not* restore those bits;  doing so would open a window in
	 which a malicious user, M, could subvert a chown command run
	 by some other user and operating on files in a directory
	 where M has write access.  */

Cheers,
Shaun

2005/12/17, Rob Landley <rob at landley.net>:
> In coreutils/chown.c, why does fileAction call chmod(fileName,
> statbuf->st_mode);  Isn't statbuf what the file _already_ has?  Does the file
> need some kind of reassurance?  (Attaboy, file!)
>
> I'm confused.  Is chmod corrupting the permissions when we didn't ask it to?
> Why is the code doing that?
>
> Rob
> (Off fixing bug 603...)
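
The approach the quoted coreutils comment argues for, as an added example that is not part of the original thread and is not busybox or coreutils code: change ownership through a file descriptor, report which mode bits the kernel cleared, and leave them cleared instead of calling chmod on the path afterwards. The names chown_no_restore and demo_selfcheck are hypothetical, and the temp file under /tmp is constructed for the demo.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: chown through a descriptor so every call acts on the
 * same inode, and report in *dropped the mode bits the kernel cleared.
 * Unlike chmod(path, saved_mode) after the chown, nothing is restored. */
int chown_no_restore(const char *path, uid_t uid, gid_t gid, mode_t *dropped)
{
    struct stat before, after;
    /* O_NOFOLLOW: fail rather than follow a symlink planted at path. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    int rc = (fstat(fd, &before) == 0 && fchown(fd, uid, gid) == 0 &&
              fstat(fd, &after) == 0) ? 0 : -1;
    if (rc == 0)
        *dropped = before.st_mode & ~after.st_mode & 07777;
    close(fd);
    return rc;
}

/* Constructed demo: a set-uid temp file chowned to the ids it already has. */
int demo_selfcheck(void)
{
    char path[] = "/tmp/chown_demo_XXXXXX";
    struct stat st, end;
    mode_t dropped = 0;
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    int ok = fchmod(fd, 04755) == 0 && fstat(fd, &st) == 0 &&
             chown_no_restore(path, st.st_uid, st.st_gid, &dropped) == 0 &&
             fstat(fd, &end) == 0 &&
             (end.st_mode & ~st.st_mode & 07777) == 0 && /* no bit came back */
             (end.st_mode & 0777) == 0755;               /* rwx bits untouched */
    printf("mode bits cleared by chown: %04o\n", (unsigned)dropped);
    close(fd);
    unlink(path);
    return ok ? 0 : -1;
}

int main(void) { return demo_selfcheck() == 0 ? 0 : 1; }
```

Whether any bits are cleared depends on the kernel and filesystem; the helper only observes the result and never writes a mode back.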


