cpio bug - symlinks ovewrite regular files
LEVAI Daniel
leva at ecentrum.hu
Fri Jun 11 12:59:41 UTC 2010
Hi!
I've discovered a bug in busybox cpio:
$ touch file # create a file
$ chmod 6755 file # set the suid/sgid bit
$ ln -sf file link # make a symlink to the file
$ ls -la file link
-rwsr-sr-x 1 daniell users 0 Jun 11 13:55:42 2010 file*
lrwxrwxrwx 1 daniell users 4 Jun 11 13:55:49 2010 link@ -> file
$ find file link |busybox cpio -ovHnewc > pack.cpio # package them
$ rm -f file link # remove and ...
$ busybox cpio -dimvu < pack.cpio # ... unpack the files
$ ls -la file link # see what happened
-rwxr-xr-x 1 daniell users 0 Jun 11 13:55:42 2010 file*
lrwxrwxrwx 1 daniell users 4 Jun 11 13:55:49 2010 link@ -> file
The setuid/setgid bits didn't get restored.
It seems like the situation where one changes the mode bits prior to
changing the owner/group on a file:
$ touch file
$ chmod 6755 file ; ls -l file
-rwsr-sr-x 1 daniell daniell 0 2010-06-11 14.01.46 file*
$ chown ^C
$ sudo chown root:daemon file ; ls -l file
-rwxr-xr-x 1 root daemon 0 2010-06-11 14.01.46 file*
I couldn't find the corresponding cpio(1) code in the busybox source
(although I must admit I didn't try very hard), but I also noticed
another bug, which is kind of the same in sed(1):
It changes the modes before the owners when editing files in place, so
the setuid/setgid bits are also gets lost.
--- busybox-1.16.1/editors/sed.c.orig 2010-03-28 19:43:35.000000000 +0200
+++ busybox-1.16.1/editors/sed.c 2010-06-11 14:04:42.253430792 +0200
@@ -1342,8 +1342,8 @@
/* Set permissions/owner of output file */
fstat(fileno(file), &statbuf);
- fchmod(nonstdoutfd, statbuf.st_mode);
fchown(nonstdoutfd, statbuf.st_uid, statbuf.st_gid);
+ fchmod(nonstdoutfd, statbuf.st_mode);
add_input_file(file);
process_files();
fclose(G.nonstdout);
Thanks for any input,
Daniel
--
LÉVAI Dániel
PGP key ID = 0x83B63A8F
Key fingerprint = DBEC C66B A47A DFA2 792D 650C C69B BE4C 83B6 3A8F
More information about the busybox
mailing list