[BusyBox 0000310]: chmod & chown mixup of permissions with symlinks

bugs at busybox.net bugs at busybox.net
Thu Dec 15 01:21:35 UTC 2005


The following issue has been CLOSED 
====================================================================== 
http://busybox.net/bugs/view.php?id=310 
====================================================================== 
Reported By:                Looxix
Assigned To:                BusyBox
====================================================================== 
Project:                    BusyBox
Issue ID:                   310
Category:                   Security
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     closed
Resolution:                 open
Fixed in Version:           
====================================================================== 
Date Submitted:             06-25-2005 17:58 PDT
Last Modified:              12-14-2005 17:21 PST
====================================================================== 
Summary:                    chmod & chown mixup of permissions with symlinks
Description: 
Trying to change the owner of a symlink can also change (increase) the
permissions of the target of the symlink. For example:

# ls -l
total 4
-rw-r--r--    1 luc      users           2 Jun 21 00:50 f
lrwxrwxrwx    1 luc      users           1 Jun 21 00:50 l -> f

# chown root.root *
# ls -l
total 4
-rwxrwxrwx    1 root     root            2 Jun 21 00:50 f
  ^^^^^^^^
lrwxrwxrwx    1 root     root            1 Jun 21 00:50 l -> f


The problem come from the fact that recursive_action() use lstat() but
the chown applet use in its action chown() and not lchown().

I think that either lstat()/lchown() or stat()/chown() must be used but
not a mix of the two.

With the following patch chown have the same behaviour as the GNU one and
do the same for chmod that suffer from the same problem.
I have not really checked but from the code it seems that chgrp must not
be corrected since it use already lchown().

====================================================================== 

---------------------------------------------------------------------- 
 landley - 12-14-05 17:21  
---------------------------------------------------------------------- 
svn 12843 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
06-25-05 17:58  Looxix         New Issue                                    
06-25-05 17:58  Looxix         File Added: chown-chmod.patch                    
06-27-05 10:49  Looxix         Issue Monitored: Looxix                      
08-09-05 02:25  mdeschamps     Issue Monitored: mdeschamps                    
12-14-05 17:21  landley        Status                   assigned => closed  
12-14-05 17:21  landley        Note Added: 0000766                          
======================================================================




More information about the busybox-cvs mailing list