[BusyBox 0001477]: cp does not work with /dev files

bugs at busybox.net bugs at busybox.net
Wed Aug 29 10:48:51 UTC 2007


A NOTE has been added to this issue. 
====================================================================== 
http://busybox.net/bugs/view.php?id=1477 
====================================================================== 
Reported By:                basagalar
Assigned To:                BusyBox
====================================================================== 
Project:                    BusyBox
Issue ID:                   1477
Category:                   Documentation
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     assigned
====================================================================== 
Date Submitted:             08-28-2007 15:11 PDT
Last Modified:              08-29-2007 03:48 PDT
====================================================================== 
Summary:                    cp does not work with /dev files
Description: 
I have upgraded to 1.6.1 and noticed that when I want to copy an image to a
device node (a block device), cp was basically overwriting the device file
with an actual copy of the image, instead of copying it to the device.
This issue is not present on v1.4.0, cp works fine with /dev nodes
====================================================================== 

---------------------------------------------------------------------- 
 vda - 08-29-07 03:48  
---------------------------------------------------------------------- 
You are doing "cp file /dev/disk". You expect cp to open and overwrite
/dev/disk. However, think what will happen if I do this:

cp -a /backups/etc /tmp

and malicious user created /tmp/etc/passwd symlink which points into his
file?
In order to prevent this, I should check beforehand whether /tmp/etc
exists, and this stil isn't fail-safe - user can create /tmp/etc after I
did the check, but before I do cp.

Another example: user asked me to restore *his* homedir from backup.

cp /backups/home/user /home

But user is malicious and he has created /home/user/new_passwd symlink
which points to /etc/passwd, and backup also has user/new_passwd (as
ordinary file).

I consider this unacceptable. Yes, I can be paranoid, remember all these
small nasty things and never copy stuff into /tmp, and do a zillion of
checks when I copy stuff to user's dirs.

But I rather don't. I want cp to NOT overwrite existing files, I want it
to unlink and re-create them.

I know that it isn't POSIX compliant. I think sanity sometimes more
important than POSIX.

Back to your needs. Why can't you use "cat file >/dev/disk"? 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
08-28-07 15:11  basagalar      New Issue                                    
08-28-07 15:11  basagalar      Status                   new => assigned     
08-28-07 15:11  basagalar      Assigned To               => BusyBox         
08-29-07 03:48  vda            Note Added: 0002702                          
======================================================================




More information about the busybox-cvs mailing list